Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-2518.NASL
HistoryOct 09, 2022 - 12:00 a.m.

EulerOS Virtualization 3.0.6.6 : mariadb (EulerOS-SA-2022-2518)

2022-10-0900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657)

  • MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661)

  • MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. (CVE-2021-46662)

  • MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
    (CVE-2021-46663)

  • MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. (CVE-2021-46665)

  • MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666)

  • MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)

  • MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
    (CVE-2021-46668)

  • MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)

  • MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. (CVE-2022-27386)

  • MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)

  • MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)

  • MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(165870);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/10");

  script_cve_id(
    "CVE-2021-46657",
    "CVE-2021-46661",
    "CVE-2021-46662",
    "CVE-2021-46663",
    "CVE-2021-46665",
    "CVE-2021-46666",
    "CVE-2021-46667",
    "CVE-2021-46668",
    "CVE-2022-27383",
    "CVE-2022-27386",
    "CVE-2022-27455",
    "CVE-2022-27457",
    "CVE-2022-31624"
  );

  script_name(english:"EulerOS Virtualization 3.0.6.6 : mariadb (EulerOS-SA-2022-2518)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

  - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER
    BY. (CVE-2021-46657)

  - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an
    unused common table expression (CTE). (CVE-2021-46661)

  - MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in
    conjunction with a nested subquery. (CVE-2021-46662)

  - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
    (CVE-2021-46663)

  - MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables
    expectations. (CVE-2021-46665)

  - MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING
    clause to a WHERE clause. (CVE-2021-46666)

  - MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)

  - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that
    improperly interact with storage-engine resource limitations for temporary data structures.
    (CVE-2021-46668)

  - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component
    my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. (CVE-2022-27383)

  - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component
    sql/sql_class.cc. (CVE-2022-27386)

  - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component
    my_wildcmp_8bit_impl at /strings/ctype-simple.c. (CVE-2022-27455)

  - MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component
    my_mb_wc_latin1 at /strings/ctype-latin1.c. (CVE-2022-27457)

  - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the
    plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released
    correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2518
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d5a6b324");
  script_set_attribute(attribute:"solution", value:
"Update the affected mariadb packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-27457");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.6");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.6") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.6");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "mariadb-5.5.66-1.h6.eulerosv2r7",
  "mariadb-bench-5.5.66-1.h6.eulerosv2r7",
  "mariadb-devel-5.5.66-1.h6.eulerosv2r7",
  "mariadb-libs-5.5.66-1.h6.eulerosv2r7",
  "mariadb-server-5.5.66-1.h6.eulerosv2r7"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
}
VendorProductVersionCPE
huaweieulerosmariadbp-cpe:/a:huawei:euleros:mariadb
huaweieulerosmariadb-benchp-cpe:/a:huawei:euleros:mariadb-bench
huaweieulerosmariadb-develp-cpe:/a:huawei:euleros:mariadb-devel
huaweieulerosmariadb-libsp-cpe:/a:huawei:euleros:mariadb-libs
huaweieulerosmariadb-serverp-cpe:/a:huawei:euleros:mariadb-server
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.6.6

Related

openvas 40
nessus 49
amazon 1
slackware 1
freebsd 1
photon 5
fedora 5
rosalinux 1
suse 4
almalinux 2
oraclelinux 2
redhat 5
rocky 2
ubuntu 1
osv 23
mageia 1
cve 6
cbl_mariner 12
mariadbunix 4
ubuntucve 7
redhatcve 5
veracode 6
prion 5
debiancve 5
cnvd 3
alpinelinux 3
openvas
openvas
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2023-1704)
2023-05-08 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2022-2518)
2022-10-10 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2023-1071)
2023-01-09 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.2.0 : mariadb (EulerOS-SA-2023-1704)
2023-05-07 00:00:00
EulerOS Virtualization 3.0.2.6 : mariadb (EulerOS-SA-2023-1071)
2023-01-06 00:00:00
EulerOS 2.0 SP5 : mariadb (EulerOS-SA-2022-1543)
2022-04-25 00:00:00
amazon
amazon
Medium: mariadb
2023-05-25 17:41:00
slackware
slackware
[slackware-security] mariadb
2022-02-14 00:21:31
freebsd
freebsd
MariaDB -- Multiple vulnerabilities
2022-02-12 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0447
2022-03-03 00:00:00
Important Photon OS Security Update - PHSA-2022-0367
2022-03-07 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0367
2022-03-07 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: galera-26.4.11-1.fc36
2022-05-07 05:15:12
[SECURITY] Fedora 34 Update: mariadb-10.5.15-1.fc34
2022-05-08 02:04:10
[SECURITY] Fedora 36 Update: mariadb-10.5.15-1.fc36
2022-05-07 05:15:12
rosalinux
rosalinux
Advisory ROSA-SA-2023-2252
2023-10-21 15:06:32
suse
suse
Security update for mariadb (important)
2022-03-04 00:00:00
Security update for mariadb (important)
2022-03-04 00:00:00
Security update for mariadb (important)
2022-04-29 00:00:00
almalinux
almalinux
Moderate: mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
Moderate: mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
oraclelinux
oraclelinux
mariadb:10.5 security, bug fix, and enhancement update
2022-05-03 00:00:00
mariadb:10.3 security and bug fix update
2022-04-28 00:00:00
redhat
redhat
(RHSA-2022:4818) Moderate: mariadb:10.3 security and bug fix update
2022-05-31 09:59:46
(RHSA-2022:1557) Moderate: mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
(RHSA-2022:1556) Moderate: mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
rocky
rocky
mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
ubuntu
ubuntu
MariaDB vulnerabilities
2022-02-28 00:00:00
osv
osv
mariadb-10.3, mariadb-10.5 vulnerabilities
2022-02-28 12:28:20
Moderate: mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
Moderate: mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
mageia
mageia
Updated mariadb packages fix security vulnerability
2022-02-18 03:14:24
cve
cve
CVE-2022-31624
2022-05-25 21:15:00
CVE-2021-46666
2022-02-01 02:15:00
CVE-2021-46662
2022-02-01 02:15:00
cbl_mariner
cbl_mariner
CVE-2022-31624 affecting package mariadb 10.6.8-1
2022-09-07 19:51:44
CVE-2021-46662 affecting package mariadb 10.3.28-3
2022-04-09 06:52:52
CVE-2021-46662 affecting package mariadb 10.3.32-1
2022-03-10 23:47:43
mariadbunix
mariadbunix
CVE-2021-46666
2022-02-01 02:15:00
CVE-2022-31624
2022-05-25 21:15:00
CVE-2021-46662
2022-02-01 02:15:00
ubuntucve
ubuntucve
CVE-2022-31624
2022-05-25 00:00:00
CVE-2021-46667
2022-02-01 00:00:00
CVE-2021-46657
2022-01-29 00:00:00
redhatcve
redhatcve
CVE-2021-46667
2022-02-03 05:15:22
CVE-2021-46666
2022-02-03 05:15:20
CVE-2022-31624
2022-06-01 10:52:26
veracode
veracode
Denial Of Service (DoS)
2022-05-25 05:03:07
Denial Of Service (DoS)
2022-06-02 22:49:24
Denial Of Service (DoS)
2022-03-19 08:39:10
prion
prion
Code injection
2022-02-01 02:15:00
Design/Logic Flaw
2022-04-14 13:15:00
Design/Logic Flaw
2022-02-01 02:15:00
debiancve
debiancve
CVE-2021-46666
2022-02-01 02:15:00
CVE-2022-31624
2022-05-25 21:15:00
CVE-2021-46662
2022-02-01 02:15:00
cnvd
cnvd
MariaDB Server Denial of Service Vulnerability (CNVD-2022-65345)
2022-05-26 00:00:00
MariaDB Denial of Service Vulnerability (CNVD-2022-65010)
2022-02-10 00:00:00
MariaDB Denial of Service Vulnerability (CNVD-2022-65012)
2022-02-10 00:00:00
alpinelinux
alpinelinux
CVE-2022-31624
2022-05-25 21:15:00
CVE-2021-46662
2022-02-01 02:15:00
CVE-2021-46667
2022-02-01 02:15:00
JSON
Related for EULEROS_SA-2022-2518.NASL
openvas40nessus49amazon1slackware1freebsd1photon5fedora5rosalinux1suse4almalinux2oraclelinux2redhat5rocky2ubuntu1osv23mageia1cve6cbl_mariner12mariadbunix4ubuntucve7redhatcve5veracode6prion5debiancve5cnvd3alpinelinux3