Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MARINER_MARIADB_CVE-2022-31621.NASL
HistoryMar 28, 2023 - 12:00 a.m.

CBL Mariner 2.0 Security Update: mariadb (CVE-2022-31621)

2023-03-2800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-31621 advisory.

  • MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
    (CVE-2022-31621)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(173504);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/28");

  script_cve_id("CVE-2022-31621");

  script_name(english:"CBL Mariner 2.0 Security Update: mariadb (CVE-2022-31621)");

  script_set_attribute(attribute:"synopsis", value:
"The remote CBL Mariner host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2022-31621 advisory.

  - MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when
    an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock
    is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
    (CVE-2022-31621)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-31621");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31621");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:mariadb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:mariadb-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:mariadb-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:mariadb-errmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:mariadb-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:mariadb-server-galera");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:cbl-mariner");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MarinerOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CBLMariner/release", "Host/CBLMariner/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/CBLMariner/release');
if (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');
var os_ver = pregmatch(pattern: "CBL-Mariner ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');
os_ver = os_ver[1];
if (! preg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);

if (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);

var pkgs = [
    {'reference':'mariadb-10.6.9-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-10.6.9-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-debuginfo-10.6.9-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-debuginfo-10.6.9-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-devel-10.6.9-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-devel-10.6.9-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-errmsg-10.6.9-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-errmsg-10.6.9-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-server-10.6.9-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-server-10.6.9-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-server-galera-10.6.9-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mariadb-server-galera-10.6.9-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mariadb / mariadb-debuginfo / mariadb-devel / mariadb-errmsg / etc');
}
VendorProductVersionCPE
microsoftcbl-marinermariadbp-cpe:/a:microsoft:cbl-mariner:mariadb
microsoftcbl-marinermariadb-debuginfop-cpe:/a:microsoft:cbl-mariner:mariadb-debuginfo
microsoftcbl-marinermariadb-develp-cpe:/a:microsoft:cbl-mariner:mariadb-devel
microsoftcbl-marinermariadb-errmsgp-cpe:/a:microsoft:cbl-mariner:mariadb-errmsg
microsoftcbl-marinermariadb-serverp-cpe:/a:microsoft:cbl-mariner:mariadb-server
microsoftcbl-marinermariadb-server-galerap-cpe:/a:microsoft:cbl-mariner:mariadb-server-galera
microsoftcbl-marinerx-cpe:/o:microsoft:cbl-mariner

Related

veracode 1
cbl_mariner 2
prion 1
debiancve 1
osv 5
ubuntucve 1
cve 1
redhatcve 1
openvas 4
alpinelinux 1
cnvd 1
nessus 10
rocky 2
redhat 5
rosalinux 1
gentoo 1
veracode
veracode
Denial Of Service (DoS)
2022-06-22 07:29:48
cbl_mariner
cbl_mariner
CVE-2022-31621 affecting package mariadb 10.3.34-1
2022-06-15 17:03:27
CVE-2022-31621 affecting package mariadb for versions less than 10.6.9-1
2022-09-07 19:51:44
prion
prion
Design/Logic Flaw
2022-05-25 21:15:00
debiancve
debiancve
CVE-2022-31621
2022-05-25 21:15:00
osv
osv
CVE-2022-31621
2022-05-25 21:15:08
BIT-mariadb-2022-31621
2024-03-06 10:58:12
BIT-mysql-client-2022-31621
2024-03-06 10:59:54
ubuntucve
ubuntucve
CVE-2022-31621
2022-05-25 00:00:00
cve
cve
CVE-2022-31621
2022-05-25 21:15:00
redhatcve
redhatcve
CVE-2022-31621
2022-06-01 10:22:24
openvas
openvas
MariaDB DoS Vulnerability (MDEV-26574) - Windows
2022-05-31 00:00:00
MariaDB DoS Vulnerability (MDEV-26574) - Linux
2022-05-31 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2022-2227)
2022-08-18 00:00:00
alpinelinux
alpinelinux
CVE-2022-31621
2022-05-25 21:15:00
cnvd
cnvd
MariaDB Server Denial of Service Vulnerability
2022-05-26 00:00:00
nessus
nessus
RHEL 7 : rh-mariadb105-mariadb (RHSA-2022:1007)
2022-03-23 00:00:00
RHEL 8 : mariadb:10.3 (RHSA-2022:4818)
2022-05-31 00:00:00
Rocky Linux 8 : mariadb:10.5 (RLSA-2022:1557)
2023-11-06 00:00:00
rocky
rocky
mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
redhat
redhat
(RHSA-2022:4818) Moderate: mariadb:10.3 security and bug fix update
2022-05-31 09:59:46
(RHSA-2022:1556) Moderate: mariadb:10.3 security and bug fix update
2022-04-26 13:50:43
(RHSA-2022:1557) Moderate: mariadb:10.5 security, bug fix, and enhancement update
2022-04-26 13:50:46
rosalinux
rosalinux
Advisory ROSA-SA-2023-2254
2023-10-21 15:52:51
gentoo
gentoo
MariaDB: Multiple Vulnerabilities
2024-05-08 00:00:00
JSON
Related for MARINER_MARIADB_CVE-2022-31621.NASL
veracode1cbl_mariner2prion1debiancve1osv5ubuntucve1cve1redhatcve1openvas4alpinelinux1cnvd1nessus10rocky2redhat5rosalinux1gentoo1