Vulnerabilities > CVE-2019-8457 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
sqlite
canonical
opensuse
fedoraproject
CWE-125
critical
nessus

Summary

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Vulnerable Configurations

Part Description Count
Application
Sqlite
134
OS
Canonical
5
OS
Opensuse
1
OS
Fedoraproject
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1810.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752) - sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753) - sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923) - sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924) - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925) - sqlite: mishandles certain uses of INSERT INTO in situations involving embedded
    last seen2020-04-30
    modified2020-04-28
    plugin id136056
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136056
    titleRHEL 8 : sqlite (RHSA-2020:1810)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1810. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136056);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29");
    
      script_cve_id(
        "CVE-2019-8457",
        "CVE-2019-13752",
        "CVE-2019-13753",
        "CVE-2019-19923",
        "CVE-2019-19924",
        "CVE-2019-19925",
        "CVE-2019-19959"
      );
      script_xref(name:"RHSA", value:"2020:1810");
    
      script_name(english:"RHEL 8 : sqlite (RHSA-2020:1810)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1810 advisory.
    
      - sqlite: fts3: improve shadow table corruption detection
        (CVE-2019-13752)
    
      - sqlite: fts3: incorrectly removed corruption check
        (CVE-2019-13753)
    
      - sqlite: mishandling of certain uses of SELECT DISTINCT
        involving a LEFT JOIN in flattenSubquery in select.c
        leads to a NULL pointer dereference (CVE-2019-19923)
    
      - sqlite: incorrect sqlite3WindowRewrite() error handling
        leads to mishandling certain parser-tree rewriting
        (CVE-2019-19924)
    
      - sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a
        NULL pathname during an update of a ZIP archive
        (CVE-2019-19925)
    
      - sqlite: mishandles certain uses of INSERT INTO in
        situations involving embedded '\0' characters in
        filenames (CVE-2019-19959)
    
      - sqlite: heap out-of-bound read in function rtreenode()
        (CVE-2019-8457)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/391.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/626.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1810");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13752");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13753");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19923");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19924");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19925");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19959");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8457");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1716881");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1781999");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1782000");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788842");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788846");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788866");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1789595");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8457");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(20, 125, 391, 476, 626);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8::baseos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:lemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sqlite-libs");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'lemon-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'lemon-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'lemon-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'sqlite-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'sqlite-3.26.0-6.el8', 'cpu':'i686', 'release':'8'},
        {'reference':'sqlite-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'sqlite-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'i686', 'release':'8'},
        {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'sqlite-debugsource-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'i686', 'release':'8'},
        {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'sqlite-devel-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'sqlite-doc-3.26.0-6.el8', 'release':'8'},
        {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'i686', 'release':'8'},
        {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'sqlite-libs-3.26.0-6.el8', 'cpu':'x86_64', 'release':'8'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-debugsource / etc');
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1522-1.NASL
    descriptionThis update for sqlite3 fixes the following issues : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125986
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125986
    titleSUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1522-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125986);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2017-10989", "CVE-2018-8740", "CVE-2019-8457");
    
      script_name(english:"SUSE SLES12 Security Update : sqlite3 (SUSE-SU-2019:1522-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for sqlite3 fixes the following issues :
    
    Security issue fixed :
    
    CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when
    handling invalid rtree tables (bsc#1136976).
    
    CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted
    databases schemas (bsc#1085790).
    
    CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize()
    (bsc#1132045).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10989/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-8740/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8457/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191522-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e727aefe"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2019-1522=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-3.8.3.1-2.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-debuginfo-3.8.3.1-2.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-3.8.3.1-2.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-debuginfo-3.8.3.1-2.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"sqlite3-debugsource-3.8.3.1-2.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-32bit-3.8.3.1-2.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libsqlite3-0-debuginfo-32bit-3.8.3.1-2.12.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite3");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2060.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.(CVE-2017-10989) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129253
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129253
    titleEulerOS 2.0 SP3 : sqlite (EulerOS-SA-2019-2060)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129253);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2017-10989",
        "CVE-2019-8457"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2019-2060)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the sqlite packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - SQLite3 from 3.6.0 to and including 3.27.2 is
        vulnerable to heap out-of-bound read in the rtreenode()
        function when handling invalid rtree
        tables.(CVE-2019-8457)
    
      - The getNodeSize function in ext/rtree/rtree.c in SQLite
        through 3.19.3, as used in GDAL and other products,
        mishandles undersized RTree blobs in a crafted
        database, leading to a heap-based buffer over-read or
        possibly unspecified other impact.(CVE-2017-10989)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2060
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f478bf1c");
      script_set_attribute(attribute:"solution", value:
    "Update the affected sqlite packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["sqlite-3.7.17-8.h4",
            "sqlite-devel-3.7.17-8.h4"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1280.NASL
    descriptionAccording to the version of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-20
    plugin id134746
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134746
    titleEulerOS Virtualization 3.0.2.2 : sqlite (EulerOS-SA-2020-1280)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134746);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/24");
    
      script_cve_id(
        "CVE-2019-8457"
      );
    
      script_name(english:"EulerOS Virtualization 3.0.2.2 : sqlite (EulerOS-SA-2020-1280)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the sqlite packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerability :
    
      - SQLite3 from 3.6.0 to and including 3.27.2 is
        vulnerable to heap out-of-bound read in the rtreenode()
        function when handling invalid rtree
        tables.(CVE-2019-8457)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1280
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?afc0edb9");
      script_set_attribute(attribute:"solution", value:
    "Update the affected sqlite package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/20");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["sqlite-3.7.17-8.h6",
            "sqlite-devel-3.7.17-8.h6"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1814.NASL
    descriptionAccording to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-08-27
    plugin id128183
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128183
    titleEulerOS 2.0 SP8 : sqlite (EulerOS-SA-2019-1814)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128183);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-8457"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2019-1814)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the sqlite packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - SQLite3 from 3.6.0 to and including 3.27.2 is
        vulnerable to heap out-of-bound read in the rtreenode()
        function when handling invalid rtree
        tables.(CVE-2019-8457)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1814
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f157eed0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected sqlite package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sqlite-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["sqlite-3.24.0-2.h3.eulerosv2r8",
            "sqlite-devel-3.24.0-2.h3.eulerosv2r8",
            "sqlite-doc-3.24.0-2.h3.eulerosv2r8",
            "sqlite-libs-3.24.0-2.h3.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0018_SQLITE.NASL
    descriptionAn update of the sqlite package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126208
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126208
    titlePhoton OS 3.0: Sqlite PHSA-2019-3.0-0018
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-3.0-0018. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126208);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/09");
    
      script_cve_id("CVE-2019-8457");
    
      script_name(english:"Photon OS 3.0: Sqlite PHSA-2019-3.0-0018");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the sqlite package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0018.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8457");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-3.0", reference:"sqlite-3.27.2-3.ph3")) flag++;
    if (rpm_check(release:"PhotonOS-3.0", reference:"sqlite-debuginfo-3.27.2-3.ph3")) flag++;
    if (rpm_check(release:"PhotonOS-3.0", reference:"sqlite-devel-3.27.2-3.ph3")) flag++;
    if (rpm_check(release:"PhotonOS-3.0", reference:"sqlite-libs-3.27.2-3.ph3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-3377813D18.NASL
    descriptionFixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127506
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127506
    titleFedora 29 : sqlite (2019-3377813d18)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-3377813d18.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127506);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-8457");
      script_xref(name:"FEDORA", value:"2019-3377813d18");
    
      script_name(english:"Fedora 29 : sqlite (2019-3377813d18)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixed out of bounds heap read in function rtreenode()
    
    Enhance the rtreenode() function of rtree (used for testing) so that
    it uses the newer sqlite3_str object for better performance and
    improved error reporting.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-3377813d18"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected sqlite package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"sqlite-3.26.0-4.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0237_SQLITE.NASL
    descriptionAn update of the sqlite package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126202
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126202
    titlePhoton OS 1.0: Sqlite PHSA-2019-1.0-0237
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-1.0-0237. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126202);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/09");
    
      script_cve_id("CVE-2019-8457");
      script_bugtraq_id(106358);
    
      script_name(english:"Photon OS 1.0: Sqlite PHSA-2019-1.0-0237");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the sqlite package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-237.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12735");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"sqlite-autoconf-3.27.2-3.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"sqlite-autoconf-debuginfo-3.27.2-3.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1601-1.NASL
    descriptionThis update for sqlite3 fixes the following issues : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126156
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126156
    titleSUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1601-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1601-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126156);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2019-8457");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1601-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for sqlite3 fixes the following issues :
    
    Security issue fixed :
    
    CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when
    handling invalid rtree tables (bsc#1136976).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8457/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191601-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?09453302"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-1601=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-1601=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2019-1601=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-1601=1
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-1601=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-1601=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-1601=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-1601=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-1601=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-1601=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-1601=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2019-1601=1
    
    SUSE Enterprise Storage 4:zypper in -t patch
    SUSE-Storage-4-2019-1601=1
    
    SUSE CaaS Platform ALL :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
    SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1601=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"sqlite3-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"sqlite3-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"sqlite3-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsqlite3-0-debuginfo-32bit-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-debuginfo-3.8.10.2-9.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"sqlite3-debugsource-3.8.10.2-9.9.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite3");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-14083-1.NASL
    descriptionThis update for sqlite3 fixes the following issue : Security issue fixed : CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125944
    published2019-06-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125944
    titleSUSE SLES11 Security Update : sqlite3 (SUSE-SU-2019:14083-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:14083-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125944);
      script_version("1.3");
      script_cvs_date("Date: 2019/06/18 10:31:32");
    
      script_cve_id("CVE-2019-8457");
    
      script_name(english:"SUSE SLES11 Security Update : sqlite3 (SUSE-SU-2019:14083-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for sqlite3 fixes the following issue :
    
    Security issue fixed :
    
    CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when
    handling invalid rtree tables (bsc#1136976).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8457/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-201914083-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?80294e5c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch
    slessp4-sqlite3-14083=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-sqlite3-14083=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-sqlite3-14083=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsqlite3-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sqlite3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    # Temp disable
    exit(0, "This plugin has been temporarily disabled.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libsqlite3-0-32bit-3.7.6.3-1.4.7.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libsqlite3-0-32bit-3.7.6.3-1.4.7.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"libsqlite3-0-3.7.6.3-1.4.7.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"sqlite3-3.7.6.3-1.4.7.9.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite3");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-02B81266B7.NASL
    descriptionFixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127103
    published2019-07-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127103
    titleFedora 30 : sqlite (2019-02b81266b7)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-02b81266b7.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127103);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-8457");
      script_xref(name:"FEDORA", value:"2019-02b81266b7");
    
      script_name(english:"Fedora 30 : sqlite (2019-02b81266b7)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixed out of bounds heap read in function rtreenode()
    
    Enhance the rtreenode() function of rtree (used for testing) so that
    it uses the newer sqlite3_str object for better performance and
    improved error reporting.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-02b81266b7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected sqlite package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"sqlite-3.26.0-6.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sqlite");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A6CF65AD37D211EAA1C7B499BAEBFEAF.NASL
    descriptionOracle reports : This Critical Patch Update contains 17 new security fixes for Oracle MySQL. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
    last seen2020-06-01
    modified2020-06-02
    plugin id132942
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132942
    titleFreeBSD : MySQL -- Multiple vulerabilities (a6cf65ad-37d2-11ea-a1c7-b499baebfeaf)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2461.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.(CVE-2016-6153) - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131615
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131615
    titleEulerOS 2.0 SP2 : sqlite (EulerOS-SA-2019-2461)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0018_GLIB.NASL
    descriptionAn update of the glib package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126206
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126206
    titlePhoton OS 3.0: Glib PHSA-2019-3.0-0018
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4019-1.NASL
    descriptionIt was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2518, CVE-2017-2520) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20505) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153) It was discovered that SQLite incorrectly handled certain databases. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-10989) It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2519). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126065
    published2019-06-20
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126065
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : sqlite3 vulnerabilities (USN-4019-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0162_SQLITE.NASL
    descriptionAn update of the sqlite package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126210
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126210
    titlePhoton OS 2.0: Sqlite PHSA-2019-2.0-0162
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1645.NASL
    descriptionThis update for sqlite3 fixes the following issues : Security issue fixed:&#9; - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126331
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126331
    titleopenSUSE Security Update : sqlite3 (openSUSE-2019-1645)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1991.NASL
    descriptionAccording to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.(CVE-2016-6153) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129185
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129185
    titleEulerOS 2.0 SP5 : sqlite (EulerOS-SA-2019-1991)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2348.NASL
    descriptionAccording to the version of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131513
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131513
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : sqlite (EulerOS-SA-2019-2348)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4004-2.NASL
    descriptionUSN-4004-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details : It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125720
    published2019-06-05
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125720
    titleUbuntu 14.04 LTS : db5.3 vulnerability (USN-4004-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1207.NASL
    descriptionAccording to the versions of the sqlite package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.(CVE-2019-8457) - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.(CVE-2016-6153) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134496
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134496
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : sqlite (EulerOS-SA-2020-1207)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0018_GO.NASL
    descriptionAn update of the go package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126207
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126207
    titlePhoton OS 3.0: Go PHSA-2019-3.0-0018

Redhat

advisories
bugzilla
id1789595
titleCVE-2019-19959 sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • commentsqlite-doc is earlier than 0:3.26.0-6.el8
          ovaloval:com.redhat.rhsa:tst:20201810001
        • commentsqlite-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20151634006
      • AND
        • commentsqlite-debugsource is earlier than 0:3.26.0-6.el8
          ovaloval:com.redhat.rhsa:tst:20201810003
        • commentsqlite-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20200273002
      • AND
        • commentsqlite-libs is earlier than 0:3.26.0-6.el8
          ovaloval:com.redhat.rhsa:tst:20201810005
        • commentsqlite-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20200273008
      • AND
        • commentsqlite-devel is earlier than 0:3.26.0-6.el8
          ovaloval:com.redhat.rhsa:tst:20201810007
        • commentsqlite-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20151634008
      • AND
        • commentsqlite is earlier than 0:3.26.0-6.el8
          ovaloval:com.redhat.rhsa:tst:20201810009
        • commentsqlite is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20151634010
      • AND
        • commentlemon is earlier than 0:3.26.0-6.el8
          ovaloval:com.redhat.rhsa:tst:20201810011
        • commentlemon is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20151634004
rhsa
idRHSA-2020:1810
released2020-04-28
severityModerate
titleRHSA-2020:1810: sqlite security and bug fix update (Moderate)
rpms
  • lemon-0:3.26.0-6.el8
  • lemon-debuginfo-0:3.26.0-6.el8
  • sqlite-0:3.26.0-6.el8
  • sqlite-analyzer-debuginfo-0:3.26.0-6.el8
  • sqlite-debuginfo-0:3.26.0-6.el8
  • sqlite-debugsource-0:3.26.0-6.el8
  • sqlite-devel-0:3.26.0-6.el8
  • sqlite-doc-0:3.26.0-6.el8
  • sqlite-libs-0:3.26.0-6.el8
  • sqlite-libs-debuginfo-0:3.26.0-6.el8
  • sqlite-tcl-debuginfo-0:3.26.0-6.el8

References