Lucene search
Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5085-1.NASLHistorySep 22, 2021 - 12:00 a.m.
Ubuntu 21.04 : SQL parse vulnerability (USN-5085-1)
2021-09-2200:00:00
Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
The remote Ubuntu 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5085-1 advisory.
- sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of ‘\r\n’ in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don’t use the sqlformat.format function with keyword strip_comments=True or the --strip- comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2. (CVE-2021-32839)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5085-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(153573);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/17");
script_cve_id("CVE-2021-32839");
script_xref(name:"USN", value:"5085-1");
script_name(english:"Ubuntu 21.04 : SQL parse vulnerability (USN-5085-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5085-1
advisory.
- sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a
regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause
exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the
formatting feature that removes comments from SQL statements is affected by this regular expression. As a
workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-
comments command line flag when using the sqlformat command line tool. The issues has been fixed in
sqlparse 0.4.2. (CVE-2021-32839)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5085-1");
script_set_attribute(attribute:"solution", value:
"Update the affected python3-sqlparse and / or sqlformat packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-32839");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/20");
script_set_attribute(attribute:"patch_publication_date", value:"2021/09/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:21.04");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-sqlparse");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sqlformat");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('audit.inc');
include('ubuntu.inc');
include('misc_func.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/Ubuntu/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
var release = chomp(release);
if (! preg(pattern:"^(21\.04)$", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 21.04', 'Ubuntu ' + release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '21.04', 'pkgname': 'python3-sqlparse', 'pkgver': '0.4.1-1ubuntu0.1'},
{'osver': '21.04', 'pkgname': 'sqlformat', 'pkgver': '0.4.1-1ubuntu0.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-sqlparse / sqlformat');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 21.04 | cpe:/o:canonical:ubuntu_linux:21.04 |
| canonical | ubuntu_linux | python3-sqlparse | p-cpe:/a:canonical:ubuntu_linux:python3-sqlparse |
| canonical | ubuntu_linux | sqlformat | p-cpe:/a:canonical:ubuntu_linux:sqlformat |
Related
nessus
nessus
openSUSE 15 Security Update : python-sqlparse (openSUSE-SU-2021:3857-1)
2021-12-02 00:00:00
SUSE SLED15 / SLES15 Security Update : python-sqlparse (SUSE-SU-2021:3857-1)
2021-12-02 00:00:00
Rocky Linux 8 : Satellite 6.11 Release (Moderate) (RLSA-2022:5498)
2023-11-06 00:00:00
github
github
osv
osv
PYSEC-2021-333
2021-09-20 17:15:00
CVE-2021-32839
2021-09-20 17:15:09
prion
prion
Design/Logic Flaw
2021-09-20 17:15:00
ubuntu
ubuntu
SQL parse vulnerability
2021-09-22 00:00:00
alpinelinux
alpinelinux
CVE-2021-32839
2021-09-20 17:15:00
cve
cve
CVE-2021-32839
2021-09-20 17:15:00
debiancve
debiancve
CVE-2021-32839
2021-09-20 17:15:00
suse
suse
Security update for python-sqlparse (moderate)
2021-12-01 00:00:00
redhatcve
redhatcve
CVE-2021-32839
2021-09-20 20:08:16
openvas
openvas
openSUSE: Security Advisory for python-sqlparse (openSUSE-SU-2021:3857-1)
2021-12-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3857-1)
2021-12-02 00:00:00
Ubuntu: Security Advisory (USN-5085-1)
2022-01-28 00:00:00
ubuntucve
ubuntucve
CVE-2021-32839
2021-09-20 00:00:00
redhat
redhat
(RHSA-2022:5498) Moderate: Satellite 6.11 Release
2022-07-05 13:55:16
rocky
rocky
Satellite 6.11 Release
2022-07-05 13:55:16
Related for UBUNTU_USN-5085-1.NASL