Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1275.NASLHistoryApr 04, 2019 - 12:00 a.m.
EulerOS Virtualization 2.5.3 : sqlite (EulerOS-SA-2019-1275)
2019-04-0400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.009
Percentile
83.2%
According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
-
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.(CVE-2016-6153)
-
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.i1/4^CVE-2017-10989i1/4%0
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(123743);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");
script_cve_id("CVE-2016-6153", "CVE-2017-10989");
script_name(english:"EulerOS Virtualization 2.5.3 : sqlite (EulerOS-SA-2019-1275)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the sqlite packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- os_unix.c in SQLite before 3.13.0 improperly implements
the temporary directory search algorithm, which might
allow local users to obtain sensitive information,
cause a denial of service (application crash), or have
unspecified other impact by leveraging use of the
current working directory for temporary
files.(CVE-2016-6153)
- The getNodeSize function in ext/rtree/rtree.c in SQLite
through 3.19.3, as used in GDAL and other products,
mishandles undersized RTree blobs in a crafted
database, leading to a heap-based buffer over-read or
possibly unspecified other impact.i1/4^CVE-2017-10989i1/4%0
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1275
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?87172ab3");
script_set_attribute(attribute:"solution", value:
"Update the affected sqlite packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10989");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.3") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["sqlite-3.7.17-8.h3",
"sqlite-devel-3.7.17-8.h3"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
}
Related
openvas
openvas
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2019-1275)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2019-1713)
2020-01-23 00:00:00
Fedora Update for spatialite-tools FEDORA-2017-357f9df699
2017-08-04 00:00:00
ubuntucve
ubuntucve
CVE-2017-10989
2017-07-07 00:00:00
CVE-2016-6153
2016-09-26 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2019-1668)
2019-06-27 00:00:00
Debian DLA-1018-1 : sqlite3 security update
2017-07-10 00:00:00
Photon OS 1.0: Sqlite PHSA-2017-0025
2019-02-07 00:00:00
debian
debian
[SECURITY] [DLA 1018-1] sqlite3 security update
2017-07-09 08:06:24
[SECURITY] [DLA 543-1] sqlite3 security update
2016-07-06 02:44:24
[SECURITY] [DLA 3431-1] sqlite security update
2023-05-22 11:12:34
osv
osv
sqlite3 - security update
2017-07-09 00:00:00
CVE-2017-10989
2017-07-07 12:29:00
sqlite - security update
2023-05-22 00:00:00
nvd
nvd
CVE-2017-10989
2017-07-07 12:29:00
CVE-2016-6153
2016-09-26 16:59:03
redhatcve
redhatcve
CVE-2017-10989
2017-07-11 15:50:29
CVE-2016-6153
2016-07-04 08:18:39
veracode
veracode
Arbitrary Code Execution
2020-05-10 23:21:03
freebsd
freebsd
sqlite3 -- heap-buffer overflow
2017-08-08 00:00:00
SQLite3 -- Tempdir Selection Vulnerability
2016-07-01 00:00:00
cve
cve
CVE-2017-10989
2017-07-07 12:29:00
CVE-2016-6153
2016-09-26 16:59:03
fedora
fedora
[SECURITY] Fedora 24 Update: sqlite-3.13.0-2.fc24
2017-07-17 01:51:00
[SECURITY] Fedora 26 Update: sqlite-3.19.3-1.fc26
2017-07-16 20:23:27
[SECURITY] Fedora 26 Update: spatialite-tools-4.3.0-23.fc26
2017-07-16 20:23:26
ibm
ibm
prion
prion
Heap overflow
2017-07-07 12:29:00
Design/Logic Flaw
2016-09-26 16:59:00
f5
f5
K000141088: SQLite vulnerability CVE-2017-10989
2024-09-18 00:00:00
cvelist
cvelist
CVE-2017-10989
2017-07-07 12:00:00
CVE-2016-6153
2016-09-26 00:00:00
alpinelinux
alpinelinux
CVE-2017-10989
2017-07-07 12:29:00
debiancve
debiancve
CVE-2017-10989
2017-07-07 12:29:00
CVE-2016-6153
2016-09-26 16:59:03
mageia
mageia
Updated sqlite3 packages fix security vulnerability
2016-07-14 23:33:59
Updated sqlite3 packages fix security vulnerability
2017-08-03 22:05:47
Updated sqlite packages fix security vulnerability
2023-06-28 08:21:41
suse
suse
Security update for sqlite3 (moderate)
2019-05-22 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2019-06-19 00:00:00
SQLite vulnerabilities
2019-06-19 00:00:00
photon
photon
cloudfoundry
cloudfoundry
USN-4019-1: SQLite vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1975
2021-07-02 18:09:04
apple
apple
About the security content of iTunes 12.6
2017-03-21 00:00:00
About the security content of iTunes 12.6 - Apple Support
2017-03-22 07:40:40
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
CPU July 2018
2018-07-17 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.009
Percentile
83.2%
Related for EULEROS_SA-2019-1275.NASL