Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4019-1.NASL
HistoryJun 20, 2019 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : SQLite vulnerabilities (USN-4019-1)

2019-06-2000:00:00
Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

It was discovered that SQLite incorrectly handled certain SQL files.
An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2518, CVE-2017-2520)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-20505)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937)

It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153)

It was discovered that SQLite incorrectly handled certain databases.
An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-10989)

It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685)

It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2519).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4019-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(126065);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/21");

  script_cve_id(
    "CVE-2016-6153",
    "CVE-2017-10989",
    "CVE-2017-13685",
    "CVE-2017-2518",
    "CVE-2017-2519",
    "CVE-2017-2520",
    "CVE-2018-20346",
    "CVE-2018-20505",
    "CVE-2018-20506",
    "CVE-2019-8457",
    "CVE-2019-9936",
    "CVE-2019-9937"
  );
  script_xref(name:"USN", value:"4019-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : SQLite vulnerabilities (USN-4019-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that SQLite incorrectly handled certain SQL files.
An attacker could possibly use this issue to execute arbitrary code or
cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2518, CVE-2017-2520)

It was discovered that SQLite incorrectly handled certain queries. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-20505)

It was discovered that SQLite incorrectly handled certain queries. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu
18.10. (CVE-2018-20346, CVE-2018-20506)

It was discovered that SQLite incorrectly handled certain inputs. An
attacker could possibly use this issue to access sensitive
information. (CVE-2019-8457)

It was discovered that SQLite incorrectly handled certain queries. An
attacker could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
LTS and Ubuntu 18.10. (CVE-2019-9936)

It was discovered that SQLite incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS and Ubuntu 18.10. (CVE-2019-9937)

It was discovered that SQLite incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153)

It was discovered that SQLite incorrectly handled certain databases.
An attacker could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-10989)

It was discovered that SQLite incorrectly handled certain files. An
attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685)

It was discovered that SQLite incorrectly handled certain queries. An
attacker could possibly use this issue to execute arbitrary code or
cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2017-2519).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4019-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8457");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsqlite3-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsqlite3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsqlite3-tcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sqlite3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lemon");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'lemon', 'pkgver': '3.11.0-1ubuntu1.2'},
    {'osver': '16.04', 'pkgname': 'libsqlite3-0', 'pkgver': '3.11.0-1ubuntu1.2'},
    {'osver': '16.04', 'pkgname': 'libsqlite3-dev', 'pkgver': '3.11.0-1ubuntu1.2'},
    {'osver': '16.04', 'pkgname': 'libsqlite3-tcl', 'pkgver': '3.11.0-1ubuntu1.2'},
    {'osver': '16.04', 'pkgname': 'sqlite3', 'pkgver': '3.11.0-1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'lemon', 'pkgver': '3.22.0-1ubuntu0.1'},
    {'osver': '18.04', 'pkgname': 'libsqlite3-0', 'pkgver': '3.22.0-1ubuntu0.1'},
    {'osver': '18.04', 'pkgname': 'libsqlite3-dev', 'pkgver': '3.22.0-1ubuntu0.1'},
    {'osver': '18.04', 'pkgname': 'libsqlite3-tcl', 'pkgver': '3.22.0-1ubuntu0.1'},
    {'osver': '18.04', 'pkgname': 'sqlite3', 'pkgver': '3.22.0-1ubuntu0.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / libsqlite3-0 / libsqlite3-dev / libsqlite3-tcl / sqlite3');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibsqlite3-0p-cpe:/a:canonical:ubuntu_linux:libsqlite3-0
canonicalubuntu_linuxlibsqlite3-devp-cpe:/a:canonical:ubuntu_linux:libsqlite3-dev
canonicalubuntu_linuxlibsqlite3-tclp-cpe:/a:canonical:ubuntu_linux:libsqlite3-tcl
canonicalubuntu_linuxsqlite3p-cpe:/a:canonical:ubuntu_linux:sqlite3
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxlemonp-cpe:/a:canonical:ubuntu_linux:lemon

Related

openvas 34
cloudfoundry 1
ubuntu 4
redhatcve 7
threatpost 2
nessus 56
mageia 3
debian 4
osv 9
debiancve 9
fedora 10
suse 4
cve 10
ubuntucve 10
prion 9
ibm 12
gentoo 2
rosalinux 1
veracode 5
freebsd 2
alpinelinux 3
checkpoint_advisories 1
photon 1
openvas
openvas
Ubuntu Update for sqlite3 USN-4019-1
2019-06-20 00:00:00
Debian LTS: Security Advisory for sqlite3 (DLA-1633-1)
2019-01-14 00:00:00
Fedora Update for sqlite FEDORA-2019-02b81266b7
2019-07-27 00:00:00
cloudfoundry
cloudfoundry
USN-4019-1: SQLite vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2019-06-19 00:00:00
SQLite vulnerabilities
2019-06-19 00:00:00
Berkeley DB vulnerability
2019-06-04 00:00:00
redhatcve
redhatcve
CVE-2018-20506
2019-05-17 04:22:11
CVE-2018-20505
2019-05-17 04:22:36
CVE-2018-20346
2019-01-03 06:49:37
threatpost
threatpost
DEF CON 2019: Researchers Demo Hacking Google Home for RCE
2019-08-09 15:47:32
Google Chrome Affected By Magellan 2.0 Flaws
2019-12-27 16:45:20
nessus
nessus
SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:0973-1)
2019-04-18 00:00:00
Debian DLA-1633-1 : sqlite3 security update
2019-01-14 00:00:00
SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:0913-1)
2019-04-10 00:00:00
mageia
mageia
Updated sqlite3 packages fix security vulnerabilities
2019-09-07 00:09:08
Updated sqlite3 packages fix security vulnerability
2018-12-27 02:08:41
Updated sqlite3 packages fix security vulnerability
2016-07-14 23:33:59
debian
debian
[SECURITY] [DLA 1633-1] sqlite3 security update
2019-01-11 18:48:51
[SECURITY] [DLA 1018-1] sqlite3 security update
2017-07-09 08:06:24
[SECURITY] [DLA 2340-1] sqlite3 security update
2020-08-22 22:34:41
osv
osv
sqlite3 - security update
2019-01-11 00:00:00
sqlite3 - security update
2018-12-22 00:00:00
sqlite3 - security update
2020-08-22 00:00:00
debiancve
debiancve
CVE-2018-20506
2019-04-03 18:29:00
CVE-2017-13685
2017-08-29 06:29:00
CVE-2018-20505
2019-04-03 18:29:00
fedora
fedora
[SECURITY] Fedora 30 Update: sqlite-3.26.0-6.fc30
2019-07-27 01:40:44
[SECURITY] Fedora 29 Update: sqlite-3.26.0-4.fc29
2019-08-08 01:53:28
[SECURITY] Fedora 30 Update: sqlite-3.26.0-7.fc30
2019-12-05 01:12:09
suse
suse
Security update for sqlite3 (moderate)
2019-04-17 00:00:00
Security update for sqlite3 (moderate)
2019-05-10 00:00:00
Security update for sqlite3 (moderate)
2019-04-05 00:00:00
cve
cve
CVE-2018-20506
2019-04-03 18:29:00
CVE-2018-20505
2019-04-03 18:29:00
CVE-2017-10989
2017-07-07 12:29:00
ubuntucve
ubuntucve
CVE-2018-20506
2019-04-03 00:00:00
CVE-2018-20505
2019-04-03 00:00:00
CVE-2017-13685
2017-08-29 00:00:00
prion
prion
Integer overflow
2019-04-03 18:29:00
Code injection
2019-04-03 18:29:00
Code injection
2017-08-29 06:29:00
ibm
ibm
Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability
2019-07-01 17:25:02
Security Bulletin: Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local
2019-12-20 14:02:58
Security Bulletin: Public disclosed vulnerability from SQLite CVE-2018-20346
2019-05-10 14:33:22
gentoo
gentoo
SQLite: Multiple vulnerabilities
2019-08-15 00:00:00
SQLite: Remote code execution
2019-04-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1975
2021-07-02 18:09:04
veracode
veracode
Integer Overflow
2020-12-06 04:42:55
Arbitrary Code Execution
2020-05-10 23:21:03
Arbitrary Code Execution
2020-12-06 04:38:06
freebsd
freebsd
sqlite3 -- heap-buffer overflow
2017-08-08 00:00:00
SQLite3 -- Tempdir Selection Vulnerability
2016-07-01 00:00:00
alpinelinux
alpinelinux
CVE-2017-10989
2017-07-07 12:29:00
CVE-2018-20346
2018-12-21 21:29:00
CVE-2019-8457
2019-05-30 16:29:00
checkpoint_advisories
checkpoint_advisories
SQLite FTS Integer Overflow (CVE-2018-20346)
2019-01-15 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0231
2019-05-03 00:00:00
JSON
Related for UBUNTU_USN-4019-1.NASL
openvas34cloudfoundry1ubuntu4redhatcve7threatpost2nessus56mageia3debian4osv9debiancve9fedora10suse4cve10ubuntucve10prion9ibm12gentoo2rosalinux1veracode5freebsd2alpinelinux3checkpoint_advisories1photon1