Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2018-1303.NASL
HistorySep 27, 2018 - 12:00 a.m.

EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)

2018-09-2700:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
112

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.5%

JSON

According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)

  • mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)

  • mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)

  • mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)

  • mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)

  • mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)

  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  • mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

  • mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)

  • mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)

  • mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(117746);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/03");

  script_cve_id(
    "CVE-2017-3636",
    "CVE-2017-3641",
    "CVE-2017-3651",
    "CVE-2017-3653",
    "CVE-2017-10268",
    "CVE-2017-10378",
    "CVE-2017-10379",
    "CVE-2017-10384",
    "CVE-2018-2622",
    "CVE-2018-2640",
    "CVE-2018-2665",
    "CVE-2018-2668",
    "CVE-2018-2755",
    "CVE-2018-2761",
    "CVE-2018-2767",
    "CVE-2018-2771",
    "CVE-2018-2781",
    "CVE-2018-2813",
    "CVE-2018-2817",
    "CVE-2018-2819"
  );

  script_name(english:"EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the mariadb packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - mysql: Client programs unspecified vulnerability (CPU
    Jul 2017) (CVE-2017-3636)

  - mysql: Server: DML unspecified vulnerability (CPU Jul
    2017) (CVE-2017-3641)

  - mysql: Client mysqldump unspecified vulnerability (CPU
    Jul 2017) (CVE-2017-3651)

  - mysql: Server: Replication unspecified vulnerability
    (CPU Oct 2017) (CVE-2017-10268)

  - mysql: Server: Optimizer unspecified vulnerability (CPU
    Oct 2017) (CVE-2017-10378)

  - mysql: Client programs unspecified vulnerability (CPU
    Oct 2017) (CVE-2017-10379)

  - mysql: Server: DDL unspecified vulnerability (CPU Oct
    2017) (CVE-2017-10384)

  - mysql: Server: DDL unspecified vulnerability (CPU Jan
    2018) (CVE-2018-2622)

  - mysql: Server: Optimizer unspecified vulnerability (CPU
    Jan 2018) (CVE-2018-2640)

  - mysql: Server: Optimizer unspecified vulnerability (CPU
    Jan 2018) (CVE-2018-2665)

  - mysql: Server: Optimizer unspecified vulnerability (CPU
    Jan 2018) (CVE-2018-2668)

  - mysql: Server: Replication unspecified vulnerability
    (CPU Apr 2018) (CVE-2018-2755)

  - mysql: Client programs unspecified vulnerability (CPU
    Apr 2018) (CVE-2018-2761)

  - mysql: Server: Locking unspecified vulnerability (CPU
    Apr 2018) (CVE-2018-2771)

  - mysql: Server: Optimizer unspecified vulnerability (CPU
    Apr 2018) (CVE-2018-2781)

  - mysql: Server: DDL unspecified vulnerability (CPU Apr
    2018) (CVE-2018-2813)

  - mysql: Server: DDL unspecified vulnerability (CPU Apr
    2018) (CVE-2018-2817)

  - mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
    (CVE-2018-2819)

  - mysql: Server: DDL unspecified vulnerability (CPU Jul
    2017) (CVE-2017-3653)

  - mysql: use of SSL/TLS not enforced in libmysqld (Return
    of BACKRONYM) (CVE-2018-2767)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1303
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2c6e7adc");
  script_set_attribute(attribute:"solution", value:
"Update the affected mariadb packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3636");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["mariadb-5.5.60-1",
        "mariadb-bench-5.5.60-1",
        "mariadb-devel-5.5.60-1",
        "mariadb-libs-5.5.60-1",
        "mariadb-server-5.5.60-1",
        "mariadb-test-5.5.60-1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
}
VendorProductVersionCPE
huaweieulerosmariadbp-cpe:/a:huawei:euleros:mariadb
huaweieulerosmariadb-benchp-cpe:/a:huawei:euleros:mariadb-bench
huaweieulerosmariadb-develp-cpe:/a:huawei:euleros:mariadb-devel
huaweieulerosmariadb-libsp-cpe:/a:huawei:euleros:mariadb-libs
huaweieulerosmariadb-serverp-cpe:/a:huawei:euleros:mariadb-server
huaweieulerosmariadb-testp-cpe:/a:huawei:euleros:mariadb-test
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

References

Related

openvas 55
nessus 78
amazon 5
oraclelinux 1
ibm 1
centos 1
redhat 3
osv 11
debian 17
ubuntu 3
suse 6
mageia 6
altlinux 3
slackware 4
fedora 3
f5 1
rosalinux 1
openvas
openvas
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1346)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1303)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1337)
2020-01-23 00:00:00
nessus
nessus
Amazon Linux 2 : mariadb (ALAS-2018-1078)
2018-09-19 00:00:00
EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)
2018-10-26 00:00:00
Scientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)
2018-08-17 00:00:00
amazon
amazon
Medium: mariadb
2018-09-12 22:57:00
Medium: mysql55
2017-12-05 21:54:00
Medium: mysql55
2018-05-25 18:26:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2018-08-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
2018-12-17 14:30:02
centos
centos
mariadb security update
2018-08-21 01:08:00
redhat
redhat
(RHSA-2018:2439) Moderate: mariadb security and bug fix update
2018-08-16 12:46:48
(RHSA-2018:2729) Moderate: Red Hat Enterprise Linux OpenStack Platform security update
2018-09-19 17:36:53
(RHSA-2018:1254) Moderate: rh-mysql56-mysql security update
2018-04-26 06:59:23
osv
osv
mysql-5.5 - security update
2017-10-19 00:00:00
mariadb-10.0 - security update
2018-06-29 00:00:00
mysql-5.5 - security update
2017-10-19 00:00:00
debian
debian
[SECURITY] [DLA 1141-1] mysql-5.5 security update
2017-10-19 18:15:56
[SECURITY] [DSA 4002-1] mysql-5.5 security update
2017-10-19 17:20:45
[SECURITY] [DSA 4002-1] mysql-5.5 security update
2017-10-19 17:20:45
ubuntu
ubuntu
MySQL vulnerabilities
2017-10-30 00:00:00
MySQL vulnerabilities
2018-04-25 00:00:00
MySQL vulnerabilities
2018-01-25 00:00:00
suse
suse
Security update for mysql (important)
2017-11-11 00:07:25
Security update for mariadb (important)
2018-03-15 21:07:44
Security update for mariadb (important)
2018-06-23 03:12:07
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2018-06-04 18:11:47
Updated mariadb packages fix security vulnerabilities
2017-09-07 12:07:16
Updated mariadb packages fix security vulnerabilities
2018-05-29 22:41:14
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.33-alt1
2018-05-23 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.26-alt1
2017-09-14 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.29-alt1
2017-12-06 00:00:00
slackware
slackware
[slackware-security] mariadb
2018-05-10 21:14:32
[slackware-security] mariadb
2017-09-08 18:06:32
[slackware-security] mariadb
2018-02-01 18:52:40
fedora
fedora
[SECURITY] Fedora 27 Update: mariadb-10.2.13-2.fc27
2018-03-13 23:26:09
[SECURITY] Fedora 28 Update: mariadb-10.2.13-2.fc28
2018-03-30 13:29:13
[SECURITY] Fedora 26 Update: mariadb-10.1.32-1.fc26
2018-04-02 12:34:31
f5
f5
K40317110 : MySQL vulnerabilities CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, and CVE-2017-10384
2017-10-27 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2250
2023-10-21 13:39:47

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.5%

JSON
Related for EULEROS_SA-2018-1303.NASL
openvas55nessus78amazon5oraclelinux1ibm1centos1redhat3osv11debian17ubuntu3suse6mageia6altlinux3slackware4fedora3f51rosalinux1