Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2020-1537.NASL
HistoryOct 28, 2020 - 12:00 a.m.

Amazon Linux 2 : mariadb (ALAS-2020-1537)

2020-10-2800:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1537 advisory.

  • Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth).
    Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2737)

  • Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
    Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector:
    (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2019-2739)

  • Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2740)

  • Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2805)

  • Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2974)

  • Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2574)

  • Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2752)

  • Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2780)

  • Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2812)

  • Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
    Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2922)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#                                  
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1537.
##

include('compat.inc');

if (description)
{
  script_id(142022);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/11");

  script_cve_id(
    "CVE-2019-2737",
    "CVE-2019-2739",
    "CVE-2019-2740",
    "CVE-2019-2805",
    "CVE-2019-2974",
    "CVE-2020-2574",
    "CVE-2020-2752",
    "CVE-2020-2780",
    "CVE-2020-2812",
    "CVE-2020-2922"
  );
  script_bugtraq_id(109243);
  script_xref(name:"ALAS", value:"2020-1537");

  script_name(english:"Amazon Linux 2 : mariadb (ALAS-2020-1537)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by
multiple vulnerabilities as referenced in the ALAS2-2020-1537 advisory.

  - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth).
    Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily
    exploitable vulnerability allows high privileged attacker with network access via multiple protocols to
    compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9
    (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2737)

  - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
    Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily
    exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL
    Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in
    unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well
    as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base
    Score 5.1 (Integrity and Availability impacts). CVSS Vector:
    (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2019-2739)

  - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported
    versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability
    impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2740)

  - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported
    versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability
    impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2805)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
    versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability
    impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2974)

  - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
    affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability
    allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS
    Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2574)

  - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
    affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability
    allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS
    Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2752)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
    that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability
    impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2780)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported
    versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability
    impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2812)

  - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
    affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability
    allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
    Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL
    Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2922)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1537.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-2737");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-2739");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-2740");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-2805");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-2974");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2574");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2752");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2780");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2812");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2922");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update mariadb' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2922");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-2739");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mariadb-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

pkgs = [
    {'reference':'mariadb-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'mariadb-bench-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-bench-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-bench-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'mariadb-debuginfo-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-debuginfo-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-debuginfo-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'mariadb-devel-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-devel-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-devel-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'mariadb-embedded-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-embedded-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-embedded-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'mariadb-embedded-devel-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-embedded-devel-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-embedded-devel-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'mariadb-libs-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-libs-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-libs-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'mariadb-server-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-server-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-server-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'},
    {'reference':'mariadb-test-5.5.68-1.amzn2', 'cpu':'aarch64', 'release':'AL2'},
    {'reference':'mariadb-test-5.5.68-1.amzn2', 'cpu':'i686', 'release':'AL2'},
    {'reference':'mariadb-test-5.5.68-1.amzn2', 'cpu':'x86_64', 'release':'AL2'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxmariadbp-cpe:/a:amazon:linux:mariadb
amazonlinuxmariadb-benchp-cpe:/a:amazon:linux:mariadb-bench
amazonlinuxmariadb-debuginfop-cpe:/a:amazon:linux:mariadb-debuginfo
amazonlinuxmariadb-develp-cpe:/a:amazon:linux:mariadb-devel
amazonlinuxmariadb-embeddedp-cpe:/a:amazon:linux:mariadb-embedded
amazonlinuxmariadb-embedded-develp-cpe:/a:amazon:linux:mariadb-embedded-devel
amazonlinuxmariadb-libsp-cpe:/a:amazon:linux:mariadb-libs
amazonlinuxmariadb-serverp-cpe:/a:amazon:linux:mariadb-server
amazonlinuxmariadb-testp-cpe:/a:amazon:linux:mariadb-test
amazonlinux2cpe:/o:amazon:linux:2

References

Related

amazon 3
nessus 78
oraclelinux 5
slackware 2
openvas 23
ubuntu 3
cloudfoundry 1
centos 2
redhat 13
altlinux 3
suse 1
mageia 2
almalinux 3
rocky 3
osv 13
f5 2
photon 1
fedora 6
gentoo 1
mariadbunix 4
veracode 5
ubuntucve 2
debiancve 5
alpinelinux 4
ibm 1
prion 3
cve 5
redhatcve 3
freebsd 2
amazon
amazon
Important: mariadb
2020-10-22 18:28:00
Medium: mysql56
2019-09-30 21:00:00
Medium: mysql57
2019-09-30 21:02:00
nessus
nessus
Scientific Linux Security Update : mariadb on SL7.x x86_64 (20201001)
2020-10-21 00:00:00
CentOS 7 : mariadb (CESA-2020:4026)
2020-10-20 00:00:00
Oracle Linux 7 : mariadb (ELSA-2020-4026)
2023-09-07 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2020-10-06 00:00:00
mariadb security and bug fix update
2020-04-06 00:00:00
mariadb-connector-c security, bug fix, and enhancement update
2020-12-18 00:00:00
slackware
slackware
[slackware-security] mariadb
2019-08-01 21:55:27
[slackware-security] mariadb
2020-05-13 00:12:02
openvas
openvas
Slackware: Security Advisory (SSA:2019-213-01)
2022-04-21 00:00:00
Ubuntu: Security Advisory (USN-4070-2)
2019-08-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3369-1)
2021-04-19 00:00:00
ubuntu
ubuntu
MariaDB vulnerabilities
2019-08-12 00:00:00
MariaDB vulnerabilities
2019-08-13 00:00:00
MySQL vulnerabilities
2019-07-24 00:00:00
cloudfoundry
cloudfoundry
USN-4070-2: MariaDB vulnerabilities | Cloud Foundry
2019-08-29 00:00:00
centos
centos
mariadb security update
2020-10-20 18:30:49
mariadb security update
2020-04-08 18:46:49
redhat
redhat
(RHSA-2020:4026) Moderate: mariadb security and bug fix update
2020-09-29 07:52:34
(RHSA-2020:1100) Moderate: mariadb security and bug fix update
2020-03-31 09:18:38
(RHSA-2020:4174) Moderate: rh-mariadb102-mariadb and rh-mariadb102-galera security and bug fix update
2020-10-05 14:48:15
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.43-alt1
2020-01-24 00:00:00
Security fix for the ALT Linux 9 package mariadb version 10.4.7-alt1
2019-08-11 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.46-alt1
2020-09-15 00:00:00
suse
suse
Security update for mariadb (moderate)
2019-12-22 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2019-08-18 15:39:41
Updated mariadb packages fix security vulnerability
2020-07-07 14:13:48
almalinux
almalinux
Moderate: mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
Moderate: mariadb:10.3 security and bug fix update
2019-11-05 00:00:00
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
rocky
rocky
mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
mariadb:10.3 security and bug fix update
2019-11-05 20:53:43
mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
osv
osv
Moderate: mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
Moderate: mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
Moderate: mariadb:10.3 security and bug fix update
2019-11-05 00:00:00
f5
f5
K33522171 : Multiple MySQL vulnerabilities
2022-01-12 00:00:00
K51272092 : MySQL vulnerabilities CVE-2019-2730, CVE-2019-2731, CVE-2019-2737, CVE-2019-2738, and CVE-2019-2739
2019-08-21 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0239
2020-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mariadb-connector-c-3.1.8-1.fc32
2020-06-16 01:32:44
[SECURITY] Fedora 32 Update: mariadb-10.4.13-1.fc32
2020-06-16 01:32:44
[SECURITY] Fedora 32 Update: galera-26.4.4-2.fc32
2020-06-16 01:32:43
gentoo
gentoo
MariaDB: Multiple vulnerabilities
2020-12-07 00:00:00
mariadbunix
mariadbunix
CVE-2019-2974
2019-10-16 18:15:32
CVE-2019-2740
2019-07-23 23:15:38
CVE-2019-2739
2019-07-23 23:15:38
veracode
veracode
Denial Of Service (DoS)
2020-08-20 02:25:41
Denial Of Service (Dos)
2019-08-15 00:08:36
Denial Of Service (DoS)
2020-08-06 21:34:43
ubuntucve
ubuntucve
CVE-2019-2974
2019-10-16 00:00:00
CVE-2019-2740
2019-07-19 00:00:00
debiancve
debiancve
CVE-2019-2974
2019-10-16 18:15:00
CVE-2019-2740
2019-07-23 23:15:00
CVE-2020-2574
2020-01-15 17:15:00
alpinelinux
alpinelinux
CVE-2019-2974
2019-10-16 18:15:00
CVE-2019-2740
2019-07-23 23:15:00
CVE-2019-2739
2019-07-23 23:15:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2021-01-27 00:05:57
prion
prion
Code injection
2019-07-23 23:15:00
Code injection
2019-10-16 18:15:00
Code injection
2019-07-23 23:15:00
cve
cve
CVE-2019-2740
2019-07-23 23:15:00
CVE-2019-2974
2019-10-16 18:15:00
CVE-2020-2574
2020-01-15 17:15:00
redhatcve
redhatcve
CVE-2019-2974
2020-04-06 17:02:25
CVE-2019-2737
2020-02-16 08:08:47
CVE-2019-2740
2019-12-28 09:35:47
freebsd
freebsd
MariaDB -- Vulnerability in C API
2020-01-28 00:00:00
MySQL Client -- Multiple vulerabilities
2020-04-14 00:00:00
JSON
Related for AL2_ALAS-2020-1537.NASL
amazon3nessus78oraclelinux5slackware2openvas23ubuntu3cloudfoundry1centos2redhat13altlinux3suse1mageia2almalinux3rocky3osv13f52photon1fedora6gentoo1mariadbunix4veracode5ubuntucve2debiancve5alpinelinux4ibm1prion3cve5redhatcve3freebsd2