Rocky Linux 8 with mariadb:10.3 has multiple vulnerabilities including unauthorized access and DOS attacks
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Moderate: mariadb:10.3 security and bug fix update | 26 Apr 202213:50 | – | osv |
![]() | Moderate: mariadb:10.5 security, bug fix, and enhancement update | 26 Apr 202213:50 | – | osv |
![]() | Red Hat Security Advisory: mariadb:10.3 security and bug fix update | 13 Sep 202423:16 | – | osv |
![]() | Red Hat Security Advisory: rh-mariadb103-mariadb security and bug fix update | 13 Sep 202423:15 | – | osv |
![]() | Red Hat Security Advisory: rh-mariadb105-mariadb security and bug fix update | 13 Sep 202423:15 | – | osv |
![]() | Red Hat Security Advisory: mariadb:10.3 security and bug fix update | 13 Sep 202423:17 | – | osv |
![]() | Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update | 13 Sep 202423:16 | – | osv |
![]() | Moderate: mariadb:10.5 security, bug fix, and enhancement update | 26 Apr 202213:50 | – | osv |
![]() | Moderate: mariadb:10.3 security and bug fix update | 26 Apr 202213:50 | – | osv |
![]() | mariadb-10.3, mariadb-10.5 vulnerabilities | 13 Aug 202113:03 | – | osv |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:1556.
##
include('compat.inc');
if (description)
{
script_id(185036);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/22");
script_cve_id(
"CVE-2021-2154",
"CVE-2021-2166",
"CVE-2021-2372",
"CVE-2021-2389",
"CVE-2021-35604",
"CVE-2021-46657",
"CVE-2021-46658",
"CVE-2021-46662",
"CVE-2021-46666",
"CVE-2021-46667",
"CVE-2022-21451",
"CVE-2022-27385",
"CVE-2022-31621",
"CVE-2022-31624"
);
script_xref(name:"RLSA", value:"2022:1556");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"Rocky Linux 8 : mariadb:10.3 (RLSA-2022:1556)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2022:1556 advisory.
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-2154)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2021-2166)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2021-2372)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2021-2389)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of
MySQL Server accessible data. (CVE-2021-35604)
- get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER
BY. (CVE-2021-46657)
- save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect
handling of with_window_func=true for a subquery. (CVE-2021-46658)
- MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in
conjunction with a nested subquery. (CVE-2021-46662)
- MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING
clause to a WHERE clause. (CVE-2021-46666)
- MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. (CVE-2021-46667)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21451)
- An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server
v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted
SQL statements. (CVE-2022-27385)
- MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when
an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock
is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
(CVE-2022-31621)
- MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the
plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released
correctly, which allows local users to trigger a denial of service due to the deadlock. (CVE-2022-31624)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:1556");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1951752");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1951755");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1981332");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1992303");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1992309");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016101");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2049294");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2049305");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050030");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050514");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050532");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050533");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050543");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050550");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-35604");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/20");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:Judy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:Judy-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:Judy-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:galera");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:galera-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:galera-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-backup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-backup-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-embedded-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-embedded-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-errmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-gssapi-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-gssapi-server-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-oqgraph-engine");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-oqgraph-engine-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-server-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-server-galera");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-server-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-server-utils-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mariadb-test-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var module_ver = get_kb_item('Host/RockyLinux/appstream/mariadb');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.3');
if ('10.3' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);
var appstreams = {
'mariadb:10.3': [
{'reference':'galera-25.3.34-4.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'galera-25.3.34-4.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'galera-debuginfo-25.3.34-4.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'galera-debuginfo-25.3.34-4.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'galera-debugsource-25.3.34-4.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'galera-debugsource-25.3.34-4.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Judy-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Judy-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Judy-debuginfo-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Judy-debuginfo-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Judy-debugsource-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Judy-debugsource-1.0.5-18.module+el8.4.0+427+adf35707', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mariadb-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-backup-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-backup-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-backup-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-backup-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-common-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-common-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-debugsource-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-debugsource-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-devel-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-devel-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-embedded-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-embedded-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-embedded-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-embedded-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-embedded-devel-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-embedded-devel-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-errmsg-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-errmsg-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-gssapi-server-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-gssapi-server-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-gssapi-server-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-oqgraph-engine-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-galera-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-galera-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-utils-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-utils-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-utils-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-server-utils-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-test-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-test-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-test-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'mariadb-test-debuginfo-10.3.32-2.module+el8.5.0+777+18007c86', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.3');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / Judy-debuginfo / Judy-debugsource / galera / etc');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo