7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.4%
MariaDB 10.2.13
Release notes :
https://mariadb.com/kb/en/library/mariadb-10213-release-notes/
CVEs fixed :
CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668
Bugs fixed :
POSTIN scriplets fix for:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a4dc47afe
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-83bbd0c22f.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(120576);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/02");
script_cve_id(
"CVE-2018-2562",
"CVE-2018-2612",
"CVE-2018-2622",
"CVE-2018-2640",
"CVE-2018-2665",
"CVE-2018-2668"
);
script_xref(name:"FEDORA", value:"2018-83bbd0c22f");
script_name(english:"Fedora 28 : 3:mariadb (2018-83bbd0c22f)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"**MariaDB 10.2.13**
Release notes :
https://mariadb.com/kb/en/library/mariadb-10213-release-notes/
CVEs fixed :
CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665
CVE-2018-2668
Bugs fixed :
POSTIN scriplets fix for:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a4dc47afe
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a4dc47afe");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-83bbd0c22f");
script_set_attribute(attribute:"solution", value:
"Update the affected 3:mariadb package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2612");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-2562");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:3:mariadb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC28", reference:"mariadb-10.2.13-2.fc28", epoch:"3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "3:mariadb");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | 28 | cpe:/o:fedoraproject:fedora:28 |
fedoraproject | fedora | 3 | p-cpe:/a:fedoraproject:fedora:3:mariadb |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
bodhi.fedoraproject.org/updates/FEDORA-2018-4a4dc47afe
bodhi.fedoraproject.org/updates/FEDORA-2018-83bbd0c22f
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.4%