7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
0.003 Low
EPSS
Percentile
68.3%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2018.0269");
script_cve_id("CVE-2018-2562", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:P/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-04-25 16:18:09 +0000 (Wed, 25 Apr 2018)");
script_name("Mageia: Security Advisory (MGASA-2018-0269)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA6");
script_xref(name:"Advisory-ID", value:"MGASA-2018-0269");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2018-0269.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=22607");
script_xref(name:"URL", value:"https://mariadb.com/kb/en/library/mariadb-10131-release-notes/");
script_xref(name:"URL", value:"https://mariadb.com/kb/en/library/mariadb-10132-release-notes/");
script_xref(name:"URL", value:"https://mariadb.com/kb/en/library/mariadb-10133-release-notes/");
script_xref(name:"URL", value:"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html");
script_xref(name:"URL", value:"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'mariadb' package(s) announced via the MGASA-2018-0269 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Updated mariadb packages fix security vulnerabilities:
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
Partition). Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MariaDB Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server
as well as unauthorized update, insert or delete access to some of MariaDB
Server accessible data (CVE-2018-2562).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
DDL). Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2622).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
Optimizer). Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MariaDB Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2640).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
Optimizer). Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MariaDB Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2665).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
Optimizer). Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MariaDB Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2668).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
InnoDB). Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all MariaDB Server accessible data and
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MariaDB Server (CVE-2018-2612).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: Replication). Difficult to exploit vulnerability allows
unauthenticated attacker with logon to the infrastructure where MariaDB Server
executes to compromise MariaDB Server. ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'mariadb' package(s) on Mageia 6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA6") {
if(!isnull(res = isrpmvuln(pkg:"lib64mariadb-devel", rpm:"lib64mariadb-devel~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mariadb-embedded-devel", rpm:"lib64mariadb-embedded-devel~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mariadb-embedded18", rpm:"lib64mariadb-embedded18~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mariadb18", rpm:"lib64mariadb18~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmariadb-devel", rpm:"libmariadb-devel~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmariadb-embedded-devel", rpm:"libmariadb-embedded-devel~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmariadb-embedded18", rpm:"libmariadb-embedded18~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmariadb18", rpm:"libmariadb18~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb", rpm:"mariadb~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-bench", rpm:"mariadb-bench~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-cassandra", rpm:"mariadb-cassandra~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-client", rpm:"mariadb-client~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-common", rpm:"mariadb-common~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-common-core", rpm:"mariadb-common-core~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-connect", rpm:"mariadb-connect~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-core", rpm:"mariadb-core~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-extra", rpm:"mariadb-extra~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-feedback", rpm:"mariadb-feedback~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-mroonga", rpm:"mariadb-mroonga~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-obsolete", rpm:"mariadb-obsolete~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-sequence", rpm:"mariadb-sequence~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-sphinx", rpm:"mariadb-sphinx~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mariadb-spider", rpm:"mariadb-spider~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-MariaDB", rpm:"mysql-MariaDB~10.1.33~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
advisories.mageia.org/MGASA-2018-0269.html
bugs.mageia.org/show_bug.cgi?id=22607
mariadb.com/kb/en/library/mariadb-10131-release-notes/
mariadb.com/kb/en/library/mariadb-10132-release-notes/
mariadb.com/kb/en/library/mariadb-10133-release-notes/
MGASA-2018-0269
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
0.003 Low
EPSS
Percentile
68.3%