No alerts appears after installing a vulnerable package

MARCOSD4 commented 9 months ago

Wazuh version	Component	Install type	Install method	Platform
4.8.0-beta1	Wazuh component	Manager/Agent	Packages/Sources	Amazon Linux 2023

During the testing in Release 4.8.0 - Beta 1 - E2E UX tests - Vulnerability Detection, specifically when it was being tested in Amazon Linux 2023, it has been possible to verify that no alert has been sent after installing a vulnerable MySQL package. The following procedure has been carried out:

A vulnerable MySQL package has been downloaded, with version 5.5.23: https://downloads.mysql.com/archives/community/. Then, it has been installed:

[root@localhost vagrant]# tar -xvf MySQL-5.5.23-1.linux2.6.x86_64.tar 
MySQL-client-5.5.23-1.linux2.6.x86_64.rpm
MySQL-devel-5.5.23-1.linux2.6.x86_64.rpm
MySQL-embedded-5.5.23-1.linux2.6.x86_64.rpm
MySQL-server-5.5.23-1.linux2.6.x86_64.rpm
MySQL-shared-5.5.23-1.linux2.6.x86_64.rpm
MySQL-test-5.5.23-1.linux2.6.x86_64.rpm

[root@localhost vagrant]# rpm -i MySQL-server-5.5.23-1.linux2.6.x86_64.rpm 
usermod: no changes

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

Please report any problems with the /usr/bin/mysqlbug script!

[root@localhost vagrant]# rpm -i MySQL-client-5.5.23-1.linux2.6.x86_64.rpm 
[root@localhost vagrant]# mysql --version
mysql  Ver 14.14 Distrib 5.5.23, for Linux (x86_64) using readline 5.1

Note: the package was installed at around 12:00 p.m.

Then, after waiting several hours, no alert has appeared on the dashboard:

This same package installed in Ubuntu 20.04 does generate alerts, as it can be seen here: https://github.com/wazuh/wazuh/issues/21827.

The configuration of the manager and agent is as follows:

Manager:

```console yes yes no no no smtp.example.wazuh.com wazuh@example.wazuh.com recipient@example.wazuh.com 12 alerts.log 10m 0 yes 3 12 plain secure 1514 tcp 131072 no yes yes yes yes yes yes yes 43200 etc/rootcheck/rootkit_files.txt etc/rootcheck/rootkit_trojans.txt yes yes 1800 1d

yes

wodles/java wodles/ciscat yes yes /var/log/osquery/osqueryd.results.log /etc/osquery/osquery.conf yes no 5m yes yes yes yes yes yes yes 10 yes yes 12h yes

yes

60m

yes https://172.31.44.187:9200 /etc/filebeat/certs/root-ca.pem /etc/filebeat/certs/wazuh-1.pem /etc/filebeat/certs/wazuh-1-key.pem no 43200 yes yes no /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile .log$|.swp$ /etc/ssl/private.key yes yes yes yes 10 50 yes 5m 10 127.0.0.1 ^localhost.localdomain$ 172.31.0.2 disable-account disable-account yes restart-wazuh restart-wazuh firewall-drop firewall-drop yes host-deny host-deny yes route-null route-null yes win_route-null route-null.exe yes netsh netsh.exe yes command df -P 360 full_command netstat -tulpn | sed 's/$[[:alnum:]]\+$\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+$.*$:$[[:digit:]]*$\ \+$[0-9\.\:\*]\+$.\+\ $[[:digit:]]*\/[[:alnum:]\-]*$.*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == $.*$ ==/:\1/' | sed 1,2d netstat listening ports 360 full_command last -n 20 360 ruleset/decoders ruleset/rules 0215-policy_rules.xml etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel etc/decoders etc/rules yes 1 64 15m no 1515 no yes no HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH no etc/sslmanager.cert etc/sslmanager.key no wazuh node01 master 1516 0.0.0.0 NODE_IP no yes audit /var/log/audit/audit.log syslog /var/ossec/logs/active-responses.log syslog /var/log/messages syslog /var/log/secure ```

Agent:

```console [root@localhost vagrant]# cat /var/ossec/etc/ossec.conf

54.81.25.42

1514 tcp agente

amzn, amzn1

10

60

yes aes no 5000 500 no yes yes yes yes yes yes yes 43200 etc/shared/rootkit_files.txt etc/shared/rootkit_trojans.txt yes yes 1800 1d

yes

wodles/java wodles/ciscat yes yes /var/log/osquery/osqueryd.results.log /etc/osquery/osquery.conf yes no 5m yes yes yes yes yes yes yes 10 yes yes 12h yes no 43200 yes /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile .log$|.swp$ /etc/ssl/private.key yes yes yes yes 10 50 yes 5m 10 command df -P 360 full_command netstat -tulpn | sed 's/$[[:alnum:]]\+$\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+$.*$:$[[:digit:]]*$\ \+$[0-9\.\:\*]\+$.\+\ $[[:digit:]]*\/[[:alnum:]\-]*$.*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == $.*$ ==/:\1/' | sed 1,2d netstat listening ports 360 full_command last -n 20 360

no etc/wpk_root.pem yes

plain audit /var/log/audit/audit.log syslog /var/ossec/logs/active-responses.log ```

sebasfalcone commented 9 months ago

May be related to

https://github.com/wazuh/wazuh/issues/21669

sebasfalcone commented 9 months ago

Analisis

Package detected and scanned

2024/02/16 12:43:33 wazuh-modulesd:vulnerability-scanner[34887] packageScanner.hpp:250 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'mysql-server' (rpm) (Oracle and/or its affiliates) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'amzn2023' (ID: '001', Version: 'v4.7.2').
2024/02/16 12:43:33 wazuh-modulesd:vulnerability-scanner[34887] packageScanner.hpp:277 at handleRequest(): DEBUG: Vulnerability scan for package 'mysql-server' on Agent '001' has completed.
2024/02/16 12:43:33 wazuh-modulesd:vulnerability-scanner[34887] packageScanner.hpp:250 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'mysql-client' (rpm) (Oracle and/or its affiliates) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'amzn2023' (ID: '001', Version: 'v4.7.2').
2024/02/16 12:43:33 wazuh-modulesd:vulnerability-scanner[34887] packageScanner.hpp:277 at handleRequest(): DEBUG: Vulnerability scan for package 'mysql-client' on Agent '001' has completed.
2024/02/16

Vulnerability associated (CVE-2020-14760)
- For ALAS we use its own feed (see "adp" section on the CVEv5)
- If not present, we consider it not vulnerable (see that "vendor" keys, from the CVEv5 doesn't have "alas")

See feed

```json { "containers": { "adp": [ { "affected": [ { "defaultStatus": "affected", "platforms": [ "xenial" ], "product": "percona-server-5.6", "vendor": "canonical" }, { "defaultStatus": "affected", "platforms": [ "xenial" ], "product": "percona-xtradb-cluster-5.6", "vendor": "canonical" }, { "defaultStatus": "unaffected", "platforms": [ "bionic" ], "product": "mysql-5.7", "vendor": "canonical", "versions": [ { "lessThan": "5.7.32-0ubuntu0.18.04.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "bionic", "upstream" ], "product": "mariadb-10.1", "vendor": "canonical" }, { "defaultStatus": "unaffected", "platforms": [ "focal", "groovy", "hirsute", "impish", "jammy", "kinetic", "lunar", "mantic", "upstream" ], "product": "mysql-8.0", "vendor": "canonical" }, { "defaultStatus": "unaffected", "platforms": [ "focal", "upstream" ], "product": "mariadb-10.3", "vendor": "canonical" }, { "defaultStatus": "unaffected", "platforms": [ "upstream" ], "product": "mariadb-5.5", "vendor": "canonical" }, { "defaultStatus": "unaffected", "platforms": [ "upstream" ], "product": "mysql-5.7", "vendor": "canonical", "versions": [ { "lessThan": "5.7.32", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "upstream", "xenial" ], "product": "mariadb-10.0", "vendor": "canonical" }, { "defaultStatus": "unaffected", "platforms": [ "xenial" ], "product": "mysql-5.7", "vendor": "canonical", "versions": [ { "lessThan": "5.7.32-0ubuntu0.16.04.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "platforms": [ "groovy" ], "product": "mariadb-10.3", "vendor": "canonical" }, { "defaultStatus": "unknown", "platforms": [ "trusty", "upstream" ], "product": "mysql-5.5", "vendor": "canonical" }, { "defaultStatus": "unknown", "platforms": [ "upstream" ], "product": "mysql-5.6", "vendor": "canonical" }, { "defaultStatus": "unknown", "platforms": [ "upstream" ], "product": "percona-server-5.6", "vendor": "canonical" }, { "defaultStatus": "unknown", "platforms": [ "upstream" ], "product": "percona-xtradb-cluster-5.5", "vendor": "canonical" }, { "defaultStatus": "unknown", "platforms": [ "upstream" ], "product": "percona-xtradb-cluster-5.6", "vendor": "canonical" } ], "descriptions": [ { "lang": "en", "value": "5.7 only" }, { "lang": "en", "value": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.22 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-32.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-22.html https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "lang": "en", "value": "since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored." } ], "providerMetadata": { "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14760" }, { "url": "https://ubuntu.com/security/notices/USN-4604-1" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" } ] }, { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "Judy", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "Judy-debugsource", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "galera", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "galera-debugsource", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-backup", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-common", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-debugsource", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-devel", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-embedded", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-embedded-devel", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-errmsg", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-gssapi-server", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-oqgraph-engine", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-pam", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-server", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-server-galera", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-server-utils", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::supplementary", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "product": "mariadb-test", "vendor": "redhat" } ], "descriptions": [ { "lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2020-14760." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2021-02-16T00:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "x_subShortName": "redhat_8" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2020-14760" } ] }, { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:6", "cpe:/a:redhat:rhel_extras_hpn:6", "cpe:/a:redhat:rhel_extras_oracle_java:6", "cpe:/a:redhat:rhel_extras_sap:6", "cpe:/a:redhat:rhel_extras_sap_hana:6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:rhel_eus:6.0" ], "product": "mysql", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:6", "cpe:/a:redhat:rhel_extras_hpn:6", "cpe:/a:redhat:rhel_extras_oracle_java:6", "cpe:/a:redhat:rhel_extras_sap:6", "cpe:/a:redhat:rhel_extras_sap_hana:6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:rhel_eus:6.0" ], "product": "mysql-bench", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:6", "cpe:/a:redhat:rhel_extras_hpn:6", "cpe:/a:redhat:rhel_extras_oracle_java:6", "cpe:/a:redhat:rhel_extras_sap:6", "cpe:/a:redhat:rhel_extras_sap_hana:6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:rhel_eus:6.0" ], "product": "mysql-devel", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:6", "cpe:/a:redhat:rhel_extras_hpn:6", "cpe:/a:redhat:rhel_extras_oracle_java:6", "cpe:/a:redhat:rhel_extras_sap:6", "cpe:/a:redhat:rhel_extras_sap_hana:6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:rhel_eus:6.0" ], "product": "mysql-embedded", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:6", "cpe:/a:redhat:rhel_extras_hpn:6", "cpe:/a:redhat:rhel_extras_oracle_java:6", "cpe:/a:redhat:rhel_extras_sap:6", "cpe:/a:redhat:rhel_extras_sap_hana:6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:rhel_eus:6.0" ], "product": "mysql-embedded-devel", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:6", "cpe:/a:redhat:rhel_extras_hpn:6", "cpe:/a:redhat:rhel_extras_oracle_java:6", "cpe:/a:redhat:rhel_extras_sap:6", "cpe:/a:redhat:rhel_extras_sap_hana:6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:rhel_eus:6.0" ], "product": "mysql-libs", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:6", "cpe:/a:redhat:rhel_extras_hpn:6", "cpe:/a:redhat:rhel_extras_oracle_java:6", "cpe:/a:redhat:rhel_extras_sap:6", "cpe:/a:redhat:rhel_extras_sap_hana:6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:rhel_eus:6.0" ], "product": "mysql-server", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:6", "cpe:/a:redhat:rhel_extras_hpn:6", "cpe:/a:redhat:rhel_extras_oracle_java:6", "cpe:/a:redhat:rhel_extras_sap:6", "cpe:/a:redhat:rhel_extras_sap_hana:6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::computenode", "cpe:/o:redhat:enterprise_linux:6::server", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:rhel_eus:6.0" ], "product": "mysql-test", "vendor": "redhat" } ], "descriptions": [ { "lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2020-14760." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2021-02-16T00:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "x_subShortName": "redhat_6" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2020-14760" } ] }, { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:7", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/a:redhat:rhel_extras_sap:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::container", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "product": "mariadb", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:7", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/a:redhat:rhel_extras_sap:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::container", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "product": "mariadb-bench", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:7", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/a:redhat:rhel_extras_sap:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::container", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "product": "mariadb-devel", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:7", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/a:redhat:rhel_extras_sap:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::container", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "product": "mariadb-embedded", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:7", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/a:redhat:rhel_extras_sap:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::container", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "product": "mariadb-embedded-devel", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:7", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/a:redhat:rhel_extras_sap:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::container", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "product": "mariadb-libs", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:7", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/a:redhat:rhel_extras_sap:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::container", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "product": "mariadb-server", "vendor": "redhat" }, { "defaultStatus": "unaffected", "platforms": [ "cpe:/a:redhat:rhel_extras:7", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/a:redhat:rhel_extras_sap:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::container", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "product": "mariadb-test", "vendor": "redhat" } ], "descriptions": [ { "lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2020-14760." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2021-02-16T00:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "x_subShortName": "redhat_7" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2020-14760" } ] } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "mysql", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "5.7.31", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que están afectadas son 5.7.31 y anteriores. Una vulnerabilidad explotable fácilmente permite a un atacante muy privilegiado con acceso a la red por medio de múltiples protocolos comprometer a MySQL Server. Los ataques con éxito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una suspensión o bloqueo repetible frecuentemente (DOS completo) de MySQL Server, así como también a una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de MySQL Server. CVSS 3.1 Puntuación Base 5.5 (Impactos de la Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)" } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "NVD-CWE-noinfo", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-29T19:40:10Z", "orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd" }, "references": [ { "tags": [ "patch", "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "third-party-advisory" ], "url": "https://security.gentoo.org/glsa/202105-27" }, { "tags": [ "third-party-advisory" ], "url": "https://security.netapp.com/advisory/ntap-20201023-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2020-14760", "datePublished": "2020-10-21T15:15:16Z", "dateUpdated": "2022-03-29T19:40:10Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" } ```

Conclusion

This is an expected behaviour

wazuh / wazuh

No alerts appears after installing a vulnerable package #21828

Analisis

Conclusion