Vulnerabilities > CVE-2019-8457 - Out-of-bounds Read vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1810.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752) - sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753) - sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) - sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924) - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) - sqlite: mishandles certain uses of INSERT INTO in situations involving embedded last seen 2020-04-30 modified 2020-04-28 plugin id 136056 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136056 title RHEL 8 : sqlite (RHSA-2020:1810) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1810. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136056); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29"); script_cve_id( "CVE-2019-8457", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959" ); script_xref(name:"RHSA", value:"2020:1810"); script_name(english:"RHEL 8 : sqlite (RHSA-2020:1810)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752) - sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753) - sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) - sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924) - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) - sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames (CVE-2019-19959) - sqlite: heap out-of-bound read in function rtreenode() (CVE-2019-8457) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/391.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/626.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1810"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13752"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13753"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19923"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19924"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19925"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19959"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8457"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1716881"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1781999"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1782000"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788842"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788846"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788866"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1789595"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8457"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 125, 391, 476, 626); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8::baseos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:lemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-libs"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'lemon-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'lemon-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'lemon-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'sqlite-doc-3.26.0-6.el8', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'i686', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'}, {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-debugsource / etc'); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1522-1.NASL description This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125986 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125986 title SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1522-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125986); script_version("1.3"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2017-10989", "CVE-2018-8740", "CVE-2019-8457"); script_name(english:"SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085790" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132045" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136976" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-10989/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-8740/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-8457/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191522-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e727aefe" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2019-1522=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-debuginfo-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-debuginfo-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-debugsource-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-32bit-3.8.3.1-2.12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-debuginfo-32bit-3.8.3.1-2.12.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite3"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2060.NASL description According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.(CVE-2017-10989) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129253 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129253 title EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2019-2060) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(129253); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2017-10989", "CVE-2019-8457" ); script_name(english:"EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2019-2060)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.(CVE-2017-10989) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2060 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f478bf1c"); script_set_attribute(attribute:"solution", value: "Update the affected sqlite packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["sqlite-3.7.17-8.h4", "sqlite-devel-3.7.17-8.h4"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1280.NASL description According to the version of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-26 modified 2020-03-20 plugin id 134746 published 2020-03-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134746 title EulerOS Virtualization 3.0.2.2 : sqlite (EulerOS-SA-2020-1280) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(134746); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/24"); script_cve_id( "CVE-2019-8457" ); script_name(english:"EulerOS Virtualization 3.0.2.2 : sqlite (EulerOS-SA-2020-1280)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1280 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?afc0edb9"); script_set_attribute(attribute:"solution", value: "Update the affected sqlite package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["sqlite-3.7.17-8.h6", "sqlite-devel-3.7.17-8.h6"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1814.NASL description According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-08-27 plugin id 128183 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128183 title EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2019-1814) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(128183); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01"); script_cve_id( "CVE-2019-8457" ); script_name(english:"EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2019-1814)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1814 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f157eed0"); script_set_attribute(attribute:"solution", value: "Update the affected sqlite package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["sqlite-3.24.0-2.h3.eulerosv2r8", "sqlite-devel-3.24.0-2.h3.eulerosv2r8", "sqlite-doc-3.24.0-2.h3.eulerosv2r8", "sqlite-libs-3.24.0-2.h3.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0018_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126208 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126208 title Photon OS 3.0: Sqlite PHSA-2019-3.0-0018 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-3.0-0018. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(126208); script_version("1.2"); script_cvs_date("Date: 2020/01/09"); script_cve_id("CVE-2019-8457"); script_name(english:"Photon OS 3.0: Sqlite PHSA-2019-3.0-0018"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the sqlite package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0018.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8457"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-3.0", reference:"sqlite-3.27.2-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"sqlite-debuginfo-3.27.2-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"sqlite-devel-3.27.2-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"sqlite-libs-3.27.2-3.ph3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-3377813D18.NASL description Fixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127506 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127506 title Fedora 29 : sqlite (2019-3377813d18) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-3377813d18. # include("compat.inc"); if (description) { script_id(127506); script_version("1.3"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2019-8457"); script_xref(name:"FEDORA", value:"2019-3377813d18"); script_name(english:"Fedora 29 : sqlite (2019-3377813d18)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-3377813d18" ); script_set_attribute( attribute:"solution", value:"Update the affected sqlite package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"sqlite-3.26.0-4.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0237_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126202 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126202 title Photon OS 1.0: Sqlite PHSA-2019-1.0-0237 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-1.0-0237. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(126202); script_version("1.2"); script_cvs_date("Date: 2020/01/09"); script_cve_id("CVE-2019-8457"); script_bugtraq_id(106358); script_name(english:"Photon OS 1.0: Sqlite PHSA-2019-1.0-0237"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the sqlite package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-237.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12735"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"sqlite-autoconf-3.27.2-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"sqlite-autoconf-debuginfo-3.27.2-3.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1601-1.NASL description This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126156 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126156 title SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1601-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1601-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(126156); script_version("1.3"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-8457"); script_name(english:"SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1601-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136976" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-8457/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191601-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?09453302" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE OpenStack Cloud 7:zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1601=1 SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1601=1 SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1601=1 SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1601=1 SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1601=1 SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1601=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1601=1 SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1601=1 SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1601=1 SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1601=1 SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1601=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1601=1 SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-1601=1 SUSE CaaS Platform ALL : To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. SUSE CaaS Platform 3.0 : To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1601=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3/4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"sqlite3-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"sqlite3-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"sqlite3-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite3"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-14083-1.NASL description This update for sqlite3 fixes the following issue : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125944 published 2019-06-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125944 title SUSE SLES11 Security Update : sqlite3 (SUSE-SU-2019:14083-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:14083-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125944); script_version("1.3"); script_cvs_date("Date: 2019/06/18 10:31:32"); script_cve_id("CVE-2019-8457"); script_name(english:"SUSE SLES11 Security Update : sqlite3 (SUSE-SU-2019:14083-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for sqlite3 fixes the following issue : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136976" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-8457/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-201914083-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?80294e5c" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch slessp4-sqlite3-14083=1 SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-sqlite3-14083=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-sqlite3-14083=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } # Temp disable exit(0, "This plugin has been temporarily disabled."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.7.6.3-1.4.7.9.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libsqlite3-0-32bit-3.7.6.3-1.4.7.9.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"libsqlite3-0-3.7.6.3-1.4.7.9.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"sqlite3-3.7.6.3-1.4.7.9.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite3"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-02B81266B7.NASL description Fixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127103 published 2019-07-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127103 title Fedora 30 : sqlite (2019-02b81266b7) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-02b81266b7. # include("compat.inc"); if (description) { script_id(127103); script_version("1.3"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2019-8457"); script_xref(name:"FEDORA", value:"2019-02b81266b7"); script_name(english:"Fedora 30 : sqlite (2019-02b81266b7)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-02b81266b7" ); script_set_attribute( attribute:"solution", value:"Update the affected sqlite package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sqlite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"sqlite-3.26.0-6.fc30")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A6CF65AD37D211EAA1C7B499BAEBFEAF.NASL description Oracle reports : This Critical Patch Update contains 17 new security fixes for Oracle MySQL. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. last seen 2020-06-01 modified 2020-06-02 plugin id 132942 published 2020-01-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132942 title FreeBSD : MySQL -- Multiple vulerabilities (a6cf65ad-37d2-11ea-a1c7-b499baebfeaf) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2461.NASL description According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.(CVE-2016-6153) - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-04 plugin id 131615 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131615 title EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2019-2461) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0018_GLIB.NASL description An update of the glib package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126206 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126206 title Photon OS 3.0: Glib PHSA-2019-3.0-0018 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4019-1.NASL description It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2518, CVE-2017-2520) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20505) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153) It was discovered that SQLite incorrectly handled certain databases. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-10989) It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2519). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126065 published 2019-06-20 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126065 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : sqlite3 vulnerabilities (USN-4019-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0162_SQLITE.NASL description An update of the sqlite package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126210 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126210 title Photon OS 2.0: Sqlite PHSA-2019-2.0-0162 NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1645.NASL description This update for sqlite3 fixes the following issues : Security issue fixed:	 - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). This update was imported from the SUSE:SLE-12-SP1:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 126331 published 2019-06-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126331 title openSUSE Security Update : sqlite3 (openSUSE-2019-1645) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1991.NASL description According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.(CVE-2016-6153) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129185 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129185 title EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2019-1991) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2348.NASL description According to the version of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131513 published 2019-12-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131513 title EulerOS Virtualization for ARM 64 3.0.3.0 : sqlite (EulerOS-SA-2019-2348) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4004-2.NASL description USN-4004-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details : It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125720 published 2019-06-05 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125720 title Ubuntu 14.04 LTS : db5.3 vulnerability (USN-4004-2) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1207.NASL description According to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.(CVE-2016-6153) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134496 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134496 title EulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1207) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0018_GO.NASL description An update of the go package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126207 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126207 title Photon OS 3.0: Go PHSA-2019-3.0-0018
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://www.sqlite.org/src/info/90acdbfce9c08858
- https://www.sqlite.org/releaselog/3_28_0.html
- https://usn.ubuntu.com/4004-1/
- https://usn.ubuntu.com/4004-2/
- https://security.netapp.com/advisory/ntap-20190606-0002/
- https://usn.ubuntu.com/4019-1/
- https://usn.ubuntu.com/4019-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/