Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2021-1675.NASL
HistoryFeb 09, 2022 - 12:00 a.m.

AlmaLinux 8 : libdb (ALSA-2021:1675)

2022-02-0900:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1675 advisory.

  • Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2708)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2021:1675.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(157710);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/02/14");

  script_cve_id("CVE-2019-2708");
  script_xref(name:"ALSA", value:"2021:1675");

  script_name(english:"AlmaLinux 8 : libdb (ALSA-2021:1675)");

  script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the
ALSA-2021:1675 advisory.

  - Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are
    Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low
    privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store
    executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized
    ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3
    (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2708)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2021-1675.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2708");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libdb-cxx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libdb-cxx-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libdb-devel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libdb-sql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libdb-sql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libdb-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alma Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AlmaLinux/release');
if (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);

if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);

var pkgs = [
    {'reference':'libdb-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-cxx-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-cxx-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-cxx-devel-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-cxx-devel-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-devel-doc-5.3.28-40.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-sql-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-sql-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-sql-devel-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-sql-devel-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libdb-utils-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
    if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libdb / libdb-cxx / libdb-cxx-devel / libdb-devel-doc / libdb-sql / etc');
}
VendorProductVersionCPE
almalinuxlibdbp-cpe:/a:alma:linux:libdb
almalinuxlibdb-cxxp-cpe:/a:alma:linux:libdb-cxx
almalinuxlibdb-cxx-develp-cpe:/a:alma:linux:libdb-cxx-devel
almalinuxlibdb-devel-docp-cpe:/a:alma:linux:libdb-devel-doc
almalinuxlibdb-sqlp-cpe:/a:alma:linux:libdb-sql
almalinuxlibdb-sql-develp-cpe:/a:alma:linux:libdb-sql-devel
almalinuxlibdb-utilsp-cpe:/a:alma:linux:libdb-utils
almalinux8cpe:/o:alma:linux:8

Related

oraclelinux 1
nessus 16
cbl_mariner 3
redhatcve 1
veracode 1
osv 2
fedora 1
prion 1
cve 1
redhat 13
mageia 1
almalinux 1
rocky 1
ibm 3
oracle 1
oraclelinux
oraclelinux
libdb security update
2021-05-25 00:00:00
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.6.0 : libdb (EulerOS-SA-2021-1555)
2021-03-04 00:00:00
Rocky Linux 8 : libdb (RLSA-2021:1675)
2023-11-06 00:00:00
EulerOS 2.0 SP5 : libdb (EulerOS-SA-2022-2274)
2022-08-17 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-2708 affecting package libdb 5.3.28-7
2024-03-19 17:21:46
CVE-2019-2708 affecting package libdb 5.3.28-6
2022-04-26 19:57:55
CVE-2019-2708 affecting package libdb 5.3.28-6
2021-10-05 03:00:59
redhatcve
redhatcve
CVE-2019-2708
2020-07-02 09:20:42
veracode
veracode
Denial Of Service (DoS)
2021-05-21 14:01:38
osv
osv
Low: libdb security update
2021-05-18 05:48:41
Low: libdb security update
2021-05-18 05:48:41
fedora
fedora
[SECURITY] Fedora 33 Update: libdb-5.3.28-45.fc33
2020-12-16 01:43:18
prion
prion
Code injection
2019-04-23 19:32:00
cve
cve
CVE-2019-2708
2019-04-23 19:32:00
redhat
redhat
(RHSA-2021:1675) Low: libdb security update
2021-05-18 05:48:41
(RHSA-2021:2705) Moderate: Release of OpenShift Serverless 1.16.0
2021-07-13 16:31:04
(RHSA-2021:2130) Moderate: Windows Container Support for Red Hat OpenShift 2.0.1 security and bug fix update
2021-06-23 05:30:08
mageia
mageia
Updated db53 packages fix a security vulnerability
2021-01-29 22:05:33
almalinux
almalinux
Low: libdb security update
2021-05-18 05:48:41
rocky
rocky
libdb security update
2021-05-18 05:48:41
ibm
ibm
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
2021-12-03 18:52:37
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs
2021-10-19 15:38:04
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
JSON
Related for ALMA_LINUX_ALSA-2021-1675.NASL
oraclelinux1nessus16cbl_mariner3redhatcve1veracode1osv2fedora1prion1cve1redhat13mageia1almalinux1rocky1ibm3oracle1