Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1633.NASL
HistoryJan 14, 2019 - 12:00 a.m.

Debian DLA-1633-1 : sqlite3 security update

2019-01-1400:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
104
JSON

Several flaws were corrected in SQLite, a SQL database engine.

CVE-2017-2518

A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement.

CVE-2017-2519

Insufficient size of the reference count on Table objects could lead to a denial of service or arbitrary code execution.

CVE-2017-2520

The sqlite3_value_text() interface returned a buffer that was not large enough to hold the complete string plus zero terminator when the input was a zeroblob. This could lead to arbitrary code execution or a denial of service.

CVE-2017-10989

SQLite mishandles undersized RTree blobs in a crafted database leading to a heap-based buffer over-read or possibly unspecified other impact.

CVE-2018-8740

Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference.

For Debian 8 ‘Jessie’, these problems have been fixed in version 3.8.7.1-1+deb8u4.

We recommend that you upgrade your sqlite3 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1633-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(121133);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2017-10989", "CVE-2017-2518", "CVE-2017-2519", "CVE-2017-2520", "CVE-2018-8740");

  script_name(english:"Debian DLA-1633-1 : sqlite3 security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several flaws were corrected in SQLite, a SQL database engine.

CVE-2017-2518

A use-after-free bug in the query optimizer may cause a buffer
overflow and application crash via a crafted SQL statement.

CVE-2017-2519

Insufficient size of the reference count on Table objects could lead
to a denial of service or arbitrary code execution.

CVE-2017-2520

The sqlite3_value_text() interface returned a buffer that was not
large enough to hold the complete string plus zero terminator when the
input was a zeroblob. This could lead to arbitrary code execution or a
denial of service.

CVE-2017-10989

SQLite mishandles undersized RTree blobs in a crafted database leading
to a heap-based buffer over-read or possibly unspecified other impact.

CVE-2018-8740

Databases whose schema is corrupted using a CREATE TABLE AS statement
could cause a NULL pointer dereference.

For Debian 8 'Jessie', these problems have been fixed in version
3.8.7.1-1+deb8u4.

We recommend that you upgrade your sqlite3 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/sqlite3"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsqlite3-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsqlite3-0-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsqlite3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsqlite3-tcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sqlite3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sqlite3-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"lemon", reference:"3.8.7.1-1+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libsqlite3-0", reference:"3.8.7.1-1+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libsqlite3-0-dbg", reference:"3.8.7.1-1+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libsqlite3-dev", reference:"3.8.7.1-1+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libsqlite3-tcl", reference:"3.8.7.1-1+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"sqlite3", reference:"3.8.7.1-1+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"sqlite3-doc", reference:"3.8.7.1-1+deb8u4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlibsqlite3-0p-cpe:/a:debian:debian_linux:libsqlite3-0
debiandebian_linuxlibsqlite3-tclp-cpe:/a:debian:debian_linux:libsqlite3-tcl
debiandebian_linuxlibsqlite3-0-dbgp-cpe:/a:debian:debian_linux:libsqlite3-0-dbg
debiandebian_linuxsqlite3p-cpe:/a:debian:debian_linux:sqlite3
debiandebian_linuxlemonp-cpe:/a:debian:debian_linux:lemon
debiandebian_linuxlibsqlite3-devp-cpe:/a:debian:debian_linux:libsqlite3-dev
debiandebian_linuxsqlite3-docp-cpe:/a:debian:debian_linux:sqlite3-doc
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Related

osv 6
openvas 39
debian 4
suse 1
nessus 41
cloudfoundry 3
ubuntu 4
fedora 9
redhatcve 2
veracode 2
cve 5
freebsd 3
ubuntucve 5
ibm 5
prion 5
alpinelinux 2
debiancve 5
mageia 3
photon 6
apple 16
rosalinux 1
oracle 2
osv
osv
sqlite3 - security update
2019-01-11 00:00:00
sqlite3 - security update
2017-07-09 00:00:00
CVE-2017-10989
2017-07-07 12:29:00
openvas
openvas
Debian: Security Advisory (DLA-1633-1)
2019-01-13 00:00:00
openSUSE: Security Advisory for sqlite3 (openSUSE-SU-2019:1426-1)
2019-05-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1208-1)
2021-04-19 00:00:00
debian
debian
[SECURITY] [DLA 1633-1] sqlite3 security update
2019-01-11 18:48:51
[SECURITY] [DLA 1018-1] sqlite3 security update
2017-07-09 08:06:24
[SECURITY] [DLA 3431-1] sqlite security update
2023-05-22 11:12:34
suse
suse
Security update for sqlite3 (moderate)
2019-05-22 00:00:00
nessus
nessus
openSUSE Security Update : sqlite3 (openSUSE-2019-1426)
2019-05-22 00:00:00
SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1208-1)
2019-05-13 00:00:00
SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1)
2019-06-18 00:00:00
cloudfoundry
cloudfoundry
USN-4019-1: SQLite vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
USN-4205-1: SQLite vulnerabilities | Cloud Foundry
2019-12-18 00:00:00
USN-4394-1: SQLite vulnerabilities | Cloud Foundry
2020-06-24 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2019-06-19 00:00:00
SQLite vulnerabilities
2019-06-19 00:00:00
SQLite vulnerabilities
2019-12-02 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: sqlite-3.13.0-2.fc24
2017-07-17 01:51:00
[SECURITY] Fedora 26 Update: spatialite-tools-4.3.0-23.fc26
2017-07-16 20:23:26
[SECURITY] Fedora 26 Update: sqlite-3.19.3-1.fc26
2017-07-16 20:23:27
redhatcve
redhatcve
CVE-2017-10989
2017-07-11 15:50:29
CVE-2018-8740
2018-03-21 04:20:49
veracode
veracode
Arbitrary Code Execution
2020-05-10 23:21:03
Denial Of Service (DoS)
2020-05-10 23:25:15
cve
cve
CVE-2017-10989
2017-07-07 12:29:00
CVE-2018-8740
2018-03-17 00:29:00
CVE-2017-2520
2017-05-22 05:29:00
freebsd
freebsd
sqlite3 -- heap-buffer overflow
2017-08-08 00:00:00
SQLite -- Corrupt DB can cause a NULL pointer dereference
2018-03-16 00:00:00
SQLite -- Corrupt DB can cause a NULL pointer dereference
2018-03-16 00:00:00
ubuntucve
ubuntucve
CVE-2017-10989
2017-07-07 00:00:00
CVE-2017-2518
2017-05-22 00:00:00
CVE-2018-8740
2018-03-17 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in the SQLite component of the Response Time agent affects IBM Performance Management products
2018-06-17 15:44:41
Security Bulletin: Public disclosed vulnerability from SQLite CVE-2018-8740
2019-05-10 14:33:22
Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent and IBM Tivoli Composite Application Manager for Transactions (CVE-2018-8740)
2018-09-21 06:35:01
prion
prion
Heap overflow
2017-07-07 12:29:00
Null pointer dereference
2018-03-17 00:29:00
Buffer overflow
2017-05-22 05:29:00
alpinelinux
alpinelinux
CVE-2017-10989
2017-07-07 12:29:00
CVE-2018-8740
2018-03-17 00:29:00
debiancve
debiancve
CVE-2017-10989
2017-07-07 12:29:00
CVE-2017-2520
2017-05-22 05:29:00
CVE-2018-8740
2018-03-17 00:29:00
mageia
mageia
Updated sqlite3 packages fix security vulnerability
2018-03-23 01:39:21
Updated sqlite3 packages fix security vulnerability
2017-08-03 22:05:47
Updated sqlite packages fix security vulnerability
2023-06-28 08:21:41
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0025
2017-07-19 00:00:00
Critical Photon OS Security Update - PHSA-2017-0055
2017-07-25 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0037
2018-04-23 00:00:00
apple
apple
About the security content of watchOS 3.2.2
2017-05-15 00:00:00
About the security content of watchOS 3.2.2 - Apple Support
2017-06-07 08:52:14
About the security content of tvOS 10.2.1 - Apple Support
2017-06-21 08:52:03
rosalinux
rosalinux
Advisory ROSA-SA-2021-1975
2021-07-02 18:09:04
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
CPU July 2018
2018-07-17 00:00:00
JSON
Related for DEBIAN_DLA-1633.NASL
osv6openvas39debian4suse1nessus41cloudfoundry3ubuntu4fedora9redhatcve2veracode2cve5freebsd3ubuntucve5ibm5prion5alpinelinux2debiancve5mageia3photon6apple16rosalinux1oracle2