Lucene search
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6832-1.NASLHistoryJun 13, 2024 - 12:00 a.m.
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6832-1)
2024-06-1300:00:00
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
ubuntu
virtuoso
sql statements
denial of service
cve-2023-31607
cve-2023-31608
cve-2023-31609
cve-2023-31610
cve-2023-31611
cve-2023-31616
cve-2023-31617
cve-2023-31618
cve-2023-31619
cve-2023-31623
cve-2023-31625
cve-2023-31628
tenable
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
33.5%
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory.
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611, CVE-2023-31616, CVE-2023-31617, CVE-2023-31618, CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628)
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-31612, CVE-2023-31613, CVE-2023-31614, CVE-2023-31615)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6832-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(200473);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/13");
script_cve_id(
"CVE-2023-31607",
"CVE-2023-31608",
"CVE-2023-31609",
"CVE-2023-31610",
"CVE-2023-31611",
"CVE-2023-31612",
"CVE-2023-31613",
"CVE-2023-31614",
"CVE-2023-31615",
"CVE-2023-31616",
"CVE-2023-31617",
"CVE-2023-31618",
"CVE-2023-31619",
"CVE-2023-31623",
"CVE-2023-31625",
"CVE-2023-31628"
);
script_xref(name:"USN", value:"6832-1");
script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6832-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are
affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory.
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL
statements. An attacker could possibly use this issue to crash the program, resulting in a denial of
service. (CVE-2023-31607, CVE-2023-31608, CVE-2023-31609, CVE-2023-31610, CVE-2023-31611, CVE-2023-31616,
CVE-2023-31617, CVE-2023-31618, CVE-2023-31619, CVE-2023-31623, CVE-2023-31625, CVE-2023-31628)
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL
statements. An attacker could possibly use this issue to crash the program, resulting in a denial of
service. This issue only affects Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-31612,
CVE-2023-31613, CVE-2023-31614, CVE-2023-31615)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6832-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-31628");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/15");
script_set_attribute(attribute:"patch_publication_date", value:"2024/06/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:23.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirtodbc0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirtuoso5.5-cil");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-minimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-opensource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-opensource-6.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-opensource-6.1-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-opensource-6.1-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-opensource-7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-opensource-7-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-opensource-7-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-bpel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-conductor");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-isparql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-ods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-rdfmappers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-sparqldemo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-syncml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vad-tutorial");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:virtuoso-vsp-startpage");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release || '23.10' >< os_release || '24.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04 / 23.10 / 24.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '16.04', 'pkgname': 'libvirtodbc0', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'libvirtuoso5.5-cil', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-minimal', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-opensource', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-opensource-6.1', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-opensource-6.1-bin', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-opensource-6.1-common', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-server', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-bpel', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-conductor', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-demo', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-isparql', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-ods', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-rdfmappers', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-sparqldemo', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-syncml', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vad-tutorial', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '16.04', 'pkgname': 'virtuoso-vsp-startpage', 'pkgver': '6.1.6+repack-0ubuntu5+esm1'},
{'osver': '18.04', 'pkgname': 'libvirtodbc0', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'libvirtuoso5.5-cil', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-minimal', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-opensource', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-opensource-6.1', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-opensource-6.1-bin', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-opensource-6.1-common', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-server', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-bpel', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-conductor', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-demo', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-isparql', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-ods', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-rdfmappers', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-sparqldemo', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-syncml', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vad-tutorial', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '18.04', 'pkgname': 'virtuoso-vsp-startpage', 'pkgver': '6.1.6+repack-0ubuntu9+esm1'},
{'osver': '20.04', 'pkgname': 'libvirtodbc0', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'libvirtuoso5.5-cil', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-minimal', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-opensource', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-opensource-6.1', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-opensource-6.1-bin', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-opensource-6.1-common', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-server', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-bpel', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-conductor', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-demo', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-isparql', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-ods', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-rdfmappers', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-sparqldemo', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-syncml', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vad-tutorial', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '20.04', 'pkgname': 'virtuoso-vsp-startpage', 'pkgver': '6.1.6+repack-0ubuntu10+esm1'},
{'osver': '22.04', 'pkgname': 'libvirtodbc0', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'libvirtuoso5.5-cil', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-minimal', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-opensource', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-opensource-7', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-opensource-7-bin', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-opensource-7-common', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-server', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-bpel', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-conductor', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-demo', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-isparql', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-ods', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-rdfmappers', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-sparqldemo', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-syncml', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vad-tutorial', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '22.04', 'pkgname': 'virtuoso-vsp-startpage', 'pkgver': '7.2.5.1+dfsg1-0.2ubuntu0.1~esm1'},
{'osver': '23.10', 'pkgname': 'libvirtodbc0', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'libvirtuoso5.5-cil', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-minimal', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-opensource', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-opensource-7', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-opensource-7-bin', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-opensource-7-common', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-server', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-bpel', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-conductor', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-demo', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-isparql', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-ods', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-rdfmappers', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-sparqldemo', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-syncml', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vad-tutorial', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '23.10', 'pkgname': 'virtuoso-vsp-startpage', 'pkgver': '7.2.5.1+dfsg1-0.3ubuntu1.1'},
{'osver': '24.04', 'pkgname': 'libvirtodbc0', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'libvirtuoso5.5-cil', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-minimal', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-opensource', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-opensource-7', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-opensource-7-bin', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-opensource-7-common', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-server', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-bpel', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-conductor', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-demo', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-isparql', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-ods', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-rdfmappers', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-sparqldemo', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-syncml', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vad-tutorial', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'},
{'osver': '24.04', 'pkgname': 'virtuoso-vsp-startpage', 'pkgver': '7.2.5.1+dfsg1-0.8ubuntu0.1~esm1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libvirtodbc0 / libvirtuoso5.5-cil / virtuoso-minimal / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
| canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:lts |
| canonical | ubuntu_linux | 20.04 | cpe:/o:canonical:ubuntu_linux:20.04:-:lts |
| canonical | ubuntu_linux | 22.04 | cpe:/o:canonical:ubuntu_linux:22.04:-:lts |
| canonical | ubuntu_linux | 23.10 | cpe:/o:canonical:ubuntu_linux:23.10 |
| canonical | ubuntu_linux | 24.04 | cpe:/o:canonical:ubuntu_linux:24.04:-:lts |
| canonical | ubuntu_linux | libvirtodbc0 | p-cpe:/a:canonical:ubuntu_linux:libvirtodbc0 |
| canonical | ubuntu_linux | libvirtuoso5.5-cil | p-cpe:/a:canonical:ubuntu_linux:libvirtuoso5.5-cil |
| canonical | ubuntu_linux | virtuoso-minimal | p-cpe:/a:canonical:ubuntu_linux:virtuoso-minimal |
| canonical | ubuntu_linux | virtuoso-opensource | p-cpe:/a:canonical:ubuntu_linux:virtuoso-opensource |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31608
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31612
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31613
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31618
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31628
ubuntu.com/security/notices/USN-6832-1
Related
osv
osv
virtuoso-opensource vulnerabilities
2024-06-13 08:32:09
CVE-2023-31619
2023-05-15 15:15:12
CVE-2023-31608
2023-05-15 15:15:11
openvas
openvas
Ubuntu: Security Advisory (USN-6832-1)
2024-06-14 00:00:00
nessus
nessus
Amazon Linux 2 : virtuoso-opensource (ALAS-2023-2360)
2023-12-04 00:00:00
RHEL 7 : virtuoso-opensource (Unpatched Vulnerability)
2024-05-11 00:00:00
amazon
amazon
Medium: virtuoso-opensource
2023-11-29 22:19:00
prion
prion
Design/Logic Flaw
2023-05-15 15:15:00
Design/Logic Flaw
2023-05-15 15:15:00
Information disclosure
2023-05-15 15:15:00
nvd
nvd
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
redhatcve
redhatcve
cvelist
cvelist
veracode
veracode
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
33.5%
Related for UBUNTU_USN-6832-1.NASL