Executive Summary

Information
Name : MDVSA-2015:217
First vendor Publication : 2015-04-30
Vendor : Mandriva
Last vendor Modification : 2015-04-30
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Multiple vulnerabilities have been found and corrected in sqlite3:

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement (CVE-2015-3414).

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement (CVE-2015-3415).

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement (CVE-2015-3416).

The updated packages provide a solution for these security issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:217

CWE : Common Weakness Enumeration

%      id        Name
67 %   CWE-20    Improper Input Validation
33 %   CWE-119   Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type          Description   Count
Application                 2
Application                 4
Os                          78
Os                          2
Os                          3
Os                          1

Information Assurance Vulnerability Management (IAVM)

Date        Description
2015-09-24  IAVM : 2015-A-0222 - Multiple Security Vulnerabilities in Apple iOS
            Severity : Category I - VMSKEY : V0061471

Nessus® Vulnerability Scanner

Date        Description
2017-05-08  Name : An application installed on the remote host is affected by multiple vulnerabi...
            File : itunes_12_6.nasl - Type : ACT_GATHER_INFO
2017-05-08  Name : An application running on the remote host is affected by multiple vulnerabili...
            File : itunes_12_6_banner.nasl - Type : ACT_GATHER_INFO
2017-05-08  Name : The remote host contains an application that is affected by multiple vulnerab...
            File : macos_itunes_12_6.nasl - Type : ACT_GATHER_INFO
2016-06-08  Name : The remote device is missing a vendor-supplied security patch.
            File : f5_bigip_SOL16950.nasl - Type : ACT_GATHER_INFO
2015-10-05  Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
            File : macosx_10_11.nasl - Type : ACT_GATHER_INFO
2015-09-03  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2015-591.nasl - Type : ACT_GATHER_INFO
2015-08-19  Name : The remote OracleVM host is missing a security update.
            File : oraclevm_OVMSA-2015-0115.nasl - Type : ACT_GATHER_INFO
2015-08-18  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2015-1634.nasl - Type : ACT_GATHER_INFO
2015-08-18  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2015-1635.nasl - Type : ACT_GATHER_INFO
2015-08-18  Name : The remote Scientific Linux host is missing one or more security updates.
            File : sl_20150817_sqlite_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-08-18  Name : The remote Scientific Linux host is missing one or more security updates.
            File : sl_20150817_sqlite_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-08-18  Name : The remote CentOS host is missing one or more security updates.
            File : centos_RHSA-2015-1634.nasl - Type : ACT_GATHER_INFO
2015-08-18  Name : The remote CentOS host is missing one or more security updates.
            File : centos_RHSA-2015-1635.nasl - Type : ACT_GATHER_INFO
2015-08-18  Name : The remote Oracle Linux host is missing one or more security updates.
            File : oraclelinux_ELSA-2015-1634.nasl - Type : ACT_GATHER_INFO
2015-08-18  Name : The remote Oracle Linux host is missing one or more security updates.
            File : oraclelinux_ELSA-2015-1635.nasl - Type : ACT_GATHER_INFO
2015-07-31  Name : The remote Ubuntu host is missing a security-related patch.
            File : ubuntu_USN-2698-1.nasl - Type : ACT_GATHER_INFO
2015-07-20  Name : The remote Slackware host is missing a security update.
            File : Slackware_SSA_2015-198-02.nasl - Type : ACT_GATHER_INFO
2015-07-09  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2015-561.nasl - Type : ACT_GATHER_INFO
2015-07-09  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2015-562.nasl - Type : ACT_GATHER_INFO
2015-07-09  Name : The remote Amazon Linux AMI host is missing a security update.
            File : ala_ALAS-2015-563.nasl - Type : ACT_GATHER_INFO
2015-07-08  Name : The remote Gentoo host is missing one or more security-related patches.
            File : gentoo_GLSA-201507-05.nasl - Type : ACT_GATHER_INFO
2015-06-24  Name : The remote web server uses a version of PHP that is affected by multiple vuln...
            File : php_5_4_42.nasl - Type : ACT_GATHER_INFO
2015-06-24  Name : The remote web server uses a version of PHP that is affected by multiple vuln...
            File : php_5_5_26.nasl - Type : ACT_GATHER_INFO
2015-06-24  Name : The remote web server uses a version of PHP that is affected by multiple vuln...
            File : php_5_6_10.nasl - Type : ACT_GATHER_INFO
2015-05-07  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-3252.nasl - Type : ACT_GATHER_INFO
2015-05-01  Name : The remote Mandriva Linux host is missing one or more security updates.
            File : mandriva_MDVSA-2015-217.nasl - Type : ACT_GATHER_INFO
2015-04-20  Name : The remote FreeBSD host is missing a security-related update.
            File : freebsd_pkg_dec3164f312145efaf18bb113ac5082f.nasl - Type : ACT_GATHER_INFO

Alert History

Date        Information
2015-05-02 13:26:28
  • Multiple Updates
2015-04-30 13:25:55
  • First insertion