Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-F30298614A.NASLHistorySep 28, 2020 - 12:00 a.m.
Fedora 31 : perl-DBI (2020-f30298614a)
2020-09-2800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
3.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
5.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
This release fixes CVE-2020-14392 (a memory corruption in XS functions when Perl stack is reallocated), CVE-2019-20919 (a NULL profile dereference in dbi_profile()), a documentation that old API functions are vulnerable to an overflow, and CVE-2020-14393 (a buffer overlfow on an overlong DBD class name). It also adds a missing dependency on FileHandle Perl module.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-f30298614a.
#
include('compat.inc');
if (description)
{
script_id(140817);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/20");
script_cve_id("CVE-2019-20919", "CVE-2020-14392", "CVE-2020-14393");
script_xref(name:"FEDORA", value:"2020-f30298614a");
script_name(english:"Fedora 31 : perl-DBI (2020-f30298614a)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This release fixes CVE-2020-14392 (a memory corruption in XS functions
when Perl stack is reallocated), CVE-2019-20919 (a NULL profile
dereference in dbi_profile()), a documentation that old API functions
are vulnerable to an overflow, and CVE-2020-14393 (a buffer overlfow
on an overlong DBD class name). It also adds a missing dependency on
FileHandle Perl module.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-f30298614a");
script_set_attribute(attribute:"solution", value:
"Update the affected perl-DBI package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14393");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/16");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-DBI");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC31", reference:"perl-DBI-1.643-3.fc31")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBI");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | perl-dbi | p-cpe:/a:fedoraproject:fedora:perl-dbi |
| fedoraproject | fedora | 31 | cpe:/o:fedoraproject:fedora:31 |
Related
openvas
openvas
Fedora: Security Advisory for perl-DBI (FEDORA-2020-f30298614a)
2020-09-26 00:00:00
Mageia: Security Advisory (MGASA-2021-0048)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2386-1)
2020-09-29 00:00:00
nessus
nessus
RHEL 6 : perl-dbi (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 5 : perl-dbi (Unpatched Vulnerability)
2024-05-11 00:00:00
Debian DLA-2386-1 : libdbi-perl security update
2020-09-29 00:00:00
mageia
mageia
Updated perl-DBI packages fix security vulnerabilities
2021-01-23 02:50:14
debian
debian
[SECURITY] [DLA 2386-1] libdbi-perl security update
2020-09-28 13:38:28
fedora
fedora
[SECURITY] Fedora 31 Update: perl-DBI-1.643-3.fc31
2020-09-25 17:47:38
osv
osv
libdbi-perl - security update
2020-09-28 00:00:00
CVE-2020-14392
2020-09-16 13:15:11
CVE-2020-14393
2020-09-16 14:15:12
gentoo
gentoo
Perl DBI: Multiple vulnerabilities
2020-09-13 00:00:00
suse
suse
Security update for perl-DBI (important)
2020-09-20 00:00:00
Security update for perl-DBI (important)
2020-09-22 00:00:00
Security update for perl-DBI (important)
2020-10-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-12-06 03:50:43
Denial Of Service (DoS)
2020-12-06 03:50:40
Denial Of Service (DoS)
2020-09-24 11:06:42
prion
prion
Null pointer dereference
2020-09-16 13:15:00
Buffer overflow
2020-09-16 14:15:00
Null pointer dereference
2020-09-17 18:15:00
ubuntu
ubuntu
Perl DBI module vulnerability
2020-09-16 00:00:00
Perl DBI module vulnerability
2020-09-23 00:00:00
Perl DBI module vulnerabilities
2022-02-03 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
alpinelinux
alpinelinux
CVE-2020-14393
2020-09-16 14:15:12
CVE-2020-14392
2020-09-16 13:15:11
cve
cve
redhatcve
redhatcve
cvelist
cvelist
nvd
nvd
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
3.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
5.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for FEDORA_2020-F30298614A.NASL