Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2021-1675.NASLHistoryNov 06, 2023 - 12:00 a.m.
Rocky Linux 8 : libdb (RLSA-2021:1675)
2023-11-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
rocky linux 8
libdb
vulnerability
rlsa-2021:1675
oracle berkeley db
data store
exploitation
low privileged attacker
denial of service
cve-2019-2708
nessus scanner
version number
5.7 Medium
AI Score
Confidence
Low
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1675 advisory.
- Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. (CVE-2019-2708)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2021:1675.
##
include('compat.inc');
if (description)
{
script_id(184558);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");
script_cve_id("CVE-2019-2708");
script_xref(name:"RLSA", value:"2021:1675");
script_name(english:"Rocky Linux 8 : libdb (RLSA-2021:1675)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the
RLSA-2021:1675 advisory.
- Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are
Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low
privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store
executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized
ability to cause a partial denial of service (partial DOS) of Data Store. (CVE-2019-2708)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2021:1675");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1853242");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2708");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-cxx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-cxx-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-cxx-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-devel-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-sql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-sql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-sql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-sql-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:libdb-utils-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var pkgs = [
{'reference':'libdb-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-debuginfo-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-debuginfo-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-debuginfo-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-devel-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-devel-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-cxx-devel-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-debuginfo-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-debuginfo-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-debuginfo-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-debugsource-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-debugsource-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-debugsource-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-devel-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-devel-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-devel-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-devel-doc-5.3.28-40.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-debuginfo-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-debuginfo-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-debuginfo-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-devel-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-devel-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-devel-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-devel-debuginfo-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-devel-debuginfo-5.3.28-40.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-sql-devel-debuginfo-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-utils-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-utils-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-utils-debuginfo-5.3.28-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdb-utils-debuginfo-5.3.28-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libdb / libdb-cxx / libdb-cxx-debuginfo / libdb-cxx-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rocky | linux | libdb | p-cpe:/a:rocky:linux:libdb |
| rocky | linux | libdb-cxx | p-cpe:/a:rocky:linux:libdb-cxx |
| rocky | linux | libdb-cxx-debuginfo | p-cpe:/a:rocky:linux:libdb-cxx-debuginfo |
| rocky | linux | libdb-cxx-devel | p-cpe:/a:rocky:linux:libdb-cxx-devel |
| rocky | linux | libdb-debuginfo | p-cpe:/a:rocky:linux:libdb-debuginfo |
| rocky | linux | libdb-debugsource | p-cpe:/a:rocky:linux:libdb-debugsource |
| rocky | linux | libdb-devel | p-cpe:/a:rocky:linux:libdb-devel |
| rocky | linux | libdb-devel-doc | p-cpe:/a:rocky:linux:libdb-devel-doc |
| rocky | linux | libdb-sql | p-cpe:/a:rocky:linux:libdb-sql |
| rocky | linux | libdb-sql-debuginfo | p-cpe:/a:rocky:linux:libdb-sql-debuginfo |
Related
redhatcve
redhatcve
CVE-2019-2708
2020-07-02 09:20:42
nessus
nessus
EulerOS Virtualization 3.0.6.6 : libdb (EulerOS-SA-2022-2511)
2022-10-09 00:00:00
Fedora 33 : libdb (2020-62d2ff9fa8)
2020-12-16 00:00:00
AlmaLinux 8 : libdb (ALSA-2021:1675)
2022-02-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-05-21 14:01:38
osv
osv
Low: libdb security update
2021-05-18 05:48:41
Low: libdb security update
2021-05-18 05:48:41
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4289-1)
2022-11-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4214-1)
2022-11-25 00:00:00
Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2274)
2022-08-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-2708 affecting package libdb 5.3.28-6
2022-04-26 19:57:55
CVE-2019-2708 affecting package libdb 5.3.28-6
2021-10-05 03:00:59
CVE-2019-2708 affecting package libdb 5.3.28-7
2024-03-19 17:21:46
oraclelinux
oraclelinux
libdb security update
2021-05-25 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: libdb-5.3.28-45.fc33
2020-12-16 01:43:18
prion
prion
Code injection
2019-04-23 19:32:00
cve
cve
CVE-2019-2708
2019-04-23 19:32:00
mageia
mageia
Updated db53 packages fix a security vulnerability
2021-01-29 22:05:33
redhat
redhat
(RHSA-2021:1675) Low: libdb security update
2021-05-18 05:48:41
(RHSA-2021:2705) Moderate: Release of OpenShift Serverless 1.16.0
2021-07-13 16:31:04
rocky
rocky
libdb security update
2021-05-18 05:48:41
almalinux
almalinux
Low: libdb security update
2021-05-18 05:48:41
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00