nessus
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
EULEROS_SA-2020-1180.NASL
History: Feb 25, 2020 - 12:00 a.m.

EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)

www.tenable.com

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

CVSS3: 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

EPSS: 0.046 Low (Percentile: 92.6%)

According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. (CVE-2019-19926)

  • flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). (CVE-2019-19923)

  • SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. (CVE-2019-19924)

  • zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. (CVE-2019-19925)

  • In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. (CVE-2019-9936)

  • In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. (CVE-2019-9937)

  • selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. (CVE-2019-20218)

  • ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded ‘\0’ characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. (CVE-2019-19959)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(134014);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2019-19923",
    "CVE-2019-19924",
    "CVE-2019-19925",
    "CVE-2019-19926",
    "CVE-2019-19959",
    "CVE-2019-20218",
    "CVE-2019-9936",
    "CVE-2019-9937"
  );

  script_name(english:"EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the sqlite packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - multiSelect in select.c in SQLite 3.30.1 mishandles
    certain errors during parsing, as demonstrated by
    errors from sqlite3WindowRewrite() calls. NOTE: this
    vulnerability exists because of an incomplete fix for
    CVE-2019-19880.(CVE-2019-19926)

  - flattenSubquery in select.c in SQLite 3.30.1 mishandles
    certain uses of SELECT DISTINCT involving a LEFT JOIN
    in which the right-hand side is a view. This can cause
    a NULL pointer dereference (or incorrect
    results).(CVE-2019-19923)

  - SQLite 3.30.1 mishandles certain parser-tree rewriting,
    related to expr.c, vdbeaux.c, and window.c. This is
    caused by incorrect sqlite3WindowRewrite() error
    handling.(CVE-2019-19924)

  - zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1
    mishandles a NULL pathname during an update of a ZIP
    archive.(CVE-2019-19925)

  - In SQLite 3.27.2, running fts5 prefix queries inside a
    transaction could trigger a heap-based buffer over-read
    in fts5HashEntrySort in sqlite3.c, which may lead to an
    information leak. This is related to
    ext/fts5/fts5_hash.c.(CVE-2019-9936)

  - In SQLite 3.27.2, interleaving reads and writes in a
    single transaction with an fts5 virtual table will lead
    to a NULL Pointer Dereference in fts5ChunkIterate in
    sqlite3.c. This is related to ext/fts5/fts5_hash.c and
    ext/fts5/fts5_index.c.(CVE-2019-9937)

  - selectExpander in select.c in SQLite 3.30.1 proceeds
    with WITH stack unwinding even after a parsing
    error.(CVE-2019-20218)

  - ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain
    uses of INSERT INTO in situations involving embedded
    '\0' characters in filenames, leading to a
    memory-management error that can be detected by (for
    example) valgrind.(CVE-2019-19959)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1180
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0306fd0");
  script_set_attribute(attribute:"solution", value:
"Update the affected sqlite packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9936");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["sqlite-3.24.0-2.h10.eulerosv2r8",
        "sqlite-devel-3.24.0-2.h10.eulerosv2r8",
        "sqlite-doc-3.24.0-2.h10.eulerosv2r8",
        "sqlite-libs-3.24.0-2.h10.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
}

Vendor  Product  Version       CPE
huawei  euleros  sqlite        p-cpe:/a:huawei:euleros:sqlite
huawei  euleros  sqlite-devel  p-cpe:/a:huawei:euleros:sqlite-devel
huawei  euleros  sqlite-doc    p-cpe:/a:huawei:euleros:sqlite-doc
huawei  euleros  sqlite-libs   p-cpe:/a:huawei:euleros:sqlite-libs
huawei  euleros  2.0           cpe:/o:huawei:euleros:2.0
