Vulnerabilities > CVE-2010-3679 - Resource Management Errors vulnerability in multiple products

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2011:0164. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(51571);
  script_version ("1.17");
  script_cvs_date("Date: 2019/10/25 13:36:15");

  script_cve_id("CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840");
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42646, 43676);
  script_xref(name:"RHSA", value:"2011:0164");

  script_name(english:"RHEL 6 : mysql (RHSA-2011:0164)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated mysql packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists
of the MySQL server daemon (mysqld) and many client programs and
libraries.

The MySQL PolyFromWKB() function did not sanity check Well-Known
Binary (WKB) data, which could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3840)

A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to
100%), if a stored procedure contained JOIN queries, and that
procedure was executed twice in sequence. (CVE-2010-3839)

A flaw in the way MySQL processed queries that provide a mixture of
numeric and longblob data types to the LEAST or GREATEST function,
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3838)

A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)

MySQL did not properly pre-evaluate LIKE arguments in view prepare
mode, possibly allowing a remote, authenticated attacker to crash
mysqld. (CVE-2010-3836)

A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)

A flaw in the way MySQL evaluated the arguments of extreme-value
functions, such as LEAST and GREATEST, could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3833)

A flaw in the way MySQL handled LOAD DATA INFILE requests allowed
MySQL to send OK packets even when there were errors. (CVE-2010-3683)

A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)

A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated
attacker to crash mysqld. (CVE-2010-3681)

A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements
that define NULL columns when using the InnoDB storage engine, could
allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3680)

A flaw in the way MySQL processed certain values provided to the
BINLOG statement caused MySQL to read unassigned memory. A remote,
authenticated attacker could possibly use this flaw to crash mysqld.
(CVE-2010-3679)

A flaw in the way MySQL processed SQL queries containing IN or CASE
statements, when a NULL argument was provided as one of the arguments
to the query, could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3678)

A flaw in the way MySQL processed JOIN queries that attempt to
retrieve data from a unique SET column could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3677)

Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,
CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680,
CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of
service, as mysqld was automatically restarted after each crash.

These updated packages upgrade MySQL to version 5.1.52. Refer to the
MySQL release notes for a full list of changes :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

All MySQL users should upgrade to these updated packages, which
correct these issues. After installing this update, the MySQL server
daemon (mysqld) will be restarted automatically."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3678"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3679"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3681"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3682"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3683"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3833"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3835"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3836"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3837"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3840"
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2011:0164"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2011:0164";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mysql-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"mysql-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mysql-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mysql-bench-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"mysql-bench-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mysql-bench-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", reference:"mysql-debuginfo-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", reference:"mysql-devel-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", reference:"mysql-embedded-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", reference:"mysql-embedded-devel-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", reference:"mysql-libs-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mysql-server-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"mysql-server-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mysql-server-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mysql-test-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"mysql-test-5.1.52-1.el6_0.1")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mysql-test-5.1.52-1.el6_0.1")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-debuginfo / mysql-devel / etc");
  }
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1017-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(50573);
  script_version("1.12");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-2008", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3834", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840");
  script_bugtraq_id(41198, 42596, 42598, 42599, 42625, 42633, 42638, 42646, 43676);
  script_xref(name:"USN", value:"1017-1");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1017-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that MySQL incorrectly handled certain requests with
the UPGRADE DATA DIRECTORY NAME command. An authenticated user could
exploit this to make MySQL crash, causing a denial of service. This
issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)

It was discovered that MySQL incorrectly handled joins involving a
table with a unique SET column. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3677)

It was discovered that MySQL incorrectly handled NULL arguments to
IN() or CASE operations. An authenticated user could exploit this to
make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3678)

It was discovered that MySQL incorrectly handled malformed arguments
to the BINLOG statement. An authenticated user could exploit this to
make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3679)

It was discovered that MySQL incorrectly handled the use of TEMPORARY
InnoDB tables with nullable columns. An authenticated user could
exploit this to make MySQL crash, causing a denial of service. This
issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3680)

It was discovered that MySQL incorrectly handled alternate reads from
two indexes on a table using the HANDLER interface. An authenticated
user could exploit this to make MySQL crash, causing a denial of
service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and
10.04 LTS. (CVE-2010-3681)

It was discovered that MySQL incorrectly handled use of EXPLAIN with
certain queries. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. This issue only affected
Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3682)

It was discovered that MySQL incorrectly handled error reporting when
using LOAD DATA INFILE and would incorrectly raise an assert in
certain circumstances. An authenticated user could exploit this to
make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3683)

It was discovered that MySQL incorrectly handled propagation during
evaluation of arguments to extreme-value functions. An authenticated
user could exploit this to make MySQL crash, causing a denial of
service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and
10.10. (CVE-2010-3833)

It was discovered that MySQL incorrectly handled materializing a
derived table that required a temporary table for grouping. An
authenticated user could exploit this to make MySQL crash, causing a
denial of service. (CVE-2010-3834)

It was discovered that MySQL incorrectly handled certain user-variable
assignment expressions that are evaluated in a logical expression
context. An authenticated user could exploit this to make MySQL crash,
causing a denial of service. This issue only affected Ubuntu 8.04 LTS,
9.10, 10.04 LTS and 10.10. (CVE-2010-3835)

It was discovered that MySQL incorrectly handled pre-evaluation of
LIKE predicates during view preparation. An authenticated user could
exploit this to make MySQL crash, causing a denial of service.
(CVE-2010-3836)

It was discovered that MySQL incorrectly handled using GROUP_CONCAT()
and WITH ROLLUP together. An authenticated user could exploit this to
make MySQL crash, causing a denial of service. (CVE-2010-3837)

It was discovered that MySQL incorrectly handled certain queries using
a mixed list of numeric and LONGBLOB arguments to the GREATEST() or
LEAST() functions. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. (CVE-2010-3838)

It was discovered that MySQL incorrectly handled queries with nested
joins when used from stored procedures and prepared statements. An
authenticated user could exploit this to make MySQL hang, causing a
denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and
10.10. (CVE-2010-3839)

It was discovered that MySQL incorrectly handled improper WKB data
passed to the PolyFromWKB() function. An authenticated user could
exploit this to make MySQL crash, causing a denial of service.
(CVE-2010-3840).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1017-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient15off");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient16-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqld-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmysqld-pic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-client-core-5.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-core-5.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06|8\.04|9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"libmysqlclient15-dev", pkgver:"5.0.22-0ubuntu6.06.15")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libmysqlclient15off", pkgver:"5.0.22-0ubuntu6.06.15")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mysql-client", pkgver:"5.0.22-0ubuntu6.06.15")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mysql-client-5.0", pkgver:"5.0.22-0ubuntu6.06.15")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mysql-common", pkgver:"5.0.22-0ubuntu6.06.15")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mysql-server", pkgver:"5.0.22-0ubuntu6.06.15")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mysql-server-5.0", pkgver:"5.0.22-0ubuntu6.06.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libmysqlclient15-dev", pkgver:"5.0.51a-3ubuntu5.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libmysqlclient15off", pkgver:"5.0.51a-3ubuntu5.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"mysql-client", pkgver:"5.0.51a-3ubuntu5.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"mysql-client-5.0", pkgver:"5.0.51a-3ubuntu5.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"mysql-common", pkgver:"5.0.51a-3ubuntu5.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"mysql-server", pkgver:"5.0.51a-3ubuntu5.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"mysql-server-5.0", pkgver:"5.0.51a-3ubuntu5.8")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libmysqlclient-dev", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libmysqlclient16", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libmysqlclient16-dev", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libmysqld-dev", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libmysqld-pic", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"mysql-client", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"mysql-client-5.1", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"mysql-common", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"mysql-server", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"mysql-server-5.1", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"mysql-server-core-5.1", pkgver:"5.1.37-1ubuntu5.5")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libmysqlclient-dev", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libmysqlclient16", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libmysqlclient16-dev", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libmysqld-dev", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libmysqld-pic", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-client", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-client-5.1", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-client-core-5.1", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-common", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-server", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-server-5.1", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-server-core-5.1", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-testsuite", pkgver:"5.1.41-3ubuntu12.7")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libmysqlclient-dev", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libmysqlclient16", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libmysqlclient16-dev", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libmysqld-dev", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libmysqld-pic", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-client", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-client-5.1", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-client-core-5.1", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-common", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-server", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-server-5.1", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-server-core-5.1", pkgver:"5.1.49-1ubuntu8.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-testsuite", pkgver:"5.1.49-1ubuntu8.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqlclient-dev / libmysqlclient15-dev / libmysqlclient15off / etc");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(48759);
  script_version("1.12");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id(
    "CVE-2010-3676",
    "CVE-2010-3677",
    "CVE-2010-3678",
    "CVE-2010-3679",
    "CVE-2010-3680",
    "CVE-2010-3681",
    "CVE-2010-3682",
    "CVE-2010-3683"
  );
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646);
  script_xref(name:"Secunia", value:"41048");

  script_name(english:"MySQL Community Server < 5.1.49 Multiple Vulnerabilities");
  script_summary(english:"Checks version of MySQL 5.1 Server");

  script_set_attribute(attribute:"synopsis", value:"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL Community Server installed on the remote host is
earlier than 5.1.49 and thus potentially affected by multiple
vulnerabilities:

  - DDL statements could cause the server to crash. (55039)

  - Joins involving a table with a unique SET column could
    cause the server to crash. (54575)

  - Incorrect handling of NULL arguments for IN or CASE
    operations involving the WITH ROLLUP modifier could
    cause the server to crash. (54477)

  - A malformed argument to the BINLOG statement could
    cause the server to crash. (54393)

  - Using TEMPORARY InnoDB tables with nullable columns
    could cause the server to crash. (54044)

  - Alternate reads with two indexes on a table using the
    HANDLER interface could cause the server to crash.
    (54007)

  - Using EXPLAIN with queries of the form SELECT ... UNION
    ... ORDER BY (SELECT ... WHERE ...) could cause the
    server to crash. (52711)

  - LOAD DATA INFILE did not check for SQL errors sent and
    even if errors were already reported, it sent an OK
    packet. Also, an assert was sometimes raised when it
    should not have been relating to client-server protocol
    checking in debug servers. (52512)");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=55039");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=55475");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54477");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54393");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54044");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=54007");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=52711");
  script_set_attribute(attribute:"see_also", value:"https://bugs.mysql.com/bug.php?id=52512");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to MySQL Community Server 5.1.49 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/26");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("mysql_func.inc");


if (report_paranoia < 2) audit(AUDIT_PARANOID);


port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE);
vuln = FALSE;

if (mysql_init(port:port, exit_on_fail:TRUE) == 1)
{
  variant = mysql_get_variant();
  version = mysql_get_version();
  ver_fields = split(version, sep:'.', keep:FALSE);
  major = int(ver_fields[0]);
  minor = int(ver_fields[1]);
  rev = int(ver_fields[2]);

  if (
    !isnull(variant) && "Community" >< variant &&
    strlen(version) &&
    major == 5 && minor == 1 && rev < 49
  ) vuln = TRUE;

}
else exit(1, "Can't establish a MySQL connection on port "+port+".");
mysql_close();

if (vuln)
{
  if (report_verbosity > 0)
  {
    report = '\n  Installed version : ' + version +
             '\n  Fixed version     : 5.1.49\n';
    datadir = get_kb_item('mysql/' + port + '/datadir');
    if (!empty_or_null(datadir))
    {
      report += '  Data Dir          : ' + datadir + '\n';
    }
    databases = get_kb_item('mysql/' + port + '/databases');
    if (!empty_or_null(databases))
    { 
      report += '  Databases         :\n' + databases;
    }
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else
{
  if (isnull(variant)) exit(1, "Can't determine the variant of MySQL listening on port "+port+".");
  else if ("Community" >< variant) exit(0, "MySQL version "+version+" is listening on port "+port+" and is not affected.");
  else exit(0, "MySQL "+variant+" is listening on port "+port+" and is not affected.");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-15147.
#

include("compat.inc");

if (description)
{
  script_id(49726);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:31");

  script_cve_id("CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646, 43677);
  script_xref(name:"FEDORA", value:"2010-15147");

  script_name(english:"Fedora 14 : mysql-5.1.50-2.fc14 (2010-15147)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to mysql 5.1.50, for numerous bug fixes including some
low-grade security issues.

See upstream release notes at :

  - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html

    -
      http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.htm
      l

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628192"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628328"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628660"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628698"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/048881.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?52e2458d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected mysql package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"mysql-5.1.50-2.fc14")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2011:0164 and 
# Oracle Linux Security Advisory ELSA-2011-0164 respectively.
#

include("compat.inc");

if (description)
{
  script_id(68184);
  script_version("1.9");
  script_cvs_date("Date: 2019/10/25 13:36:09");

  script_cve_id("CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840");
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42646, 43676);
  script_xref(name:"RHSA", value:"2011:0164");

  script_name(english:"Oracle Linux 6 : mysql (ELSA-2011-0164)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2011:0164 :

Updated mysql packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists
of the MySQL server daemon (mysqld) and many client programs and
libraries.

The MySQL PolyFromWKB() function did not sanity check Well-Known
Binary (WKB) data, which could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3840)

A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to
100%), if a stored procedure contained JOIN queries, and that
procedure was executed twice in sequence. (CVE-2010-3839)

A flaw in the way MySQL processed queries that provide a mixture of
numeric and longblob data types to the LEAST or GREATEST function,
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3838)

A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)

MySQL did not properly pre-evaluate LIKE arguments in view prepare
mode, possibly allowing a remote, authenticated attacker to crash
mysqld. (CVE-2010-3836)

A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)

A flaw in the way MySQL evaluated the arguments of extreme-value
functions, such as LEAST and GREATEST, could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3833)

A flaw in the way MySQL handled LOAD DATA INFILE requests allowed
MySQL to send OK packets even when there were errors. (CVE-2010-3683)

A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)

A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated
attacker to crash mysqld. (CVE-2010-3681)

A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements
that define NULL columns when using the InnoDB storage engine, could
allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3680)

A flaw in the way MySQL processed certain values provided to the
BINLOG statement caused MySQL to read unassigned memory. A remote,
authenticated attacker could possibly use this flaw to crash mysqld.
(CVE-2010-3679)

A flaw in the way MySQL processed SQL queries containing IN or CASE
statements, when a NULL argument was provided as one of the arguments
to the query, could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3678)

A flaw in the way MySQL processed JOIN queries that attempt to
retrieve data from a unique SET column could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3677)

Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,
CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680,
CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of
service, as mysqld was automatically restarted after each crash.

These updated packages upgrade MySQL to version 5.1.52. Refer to the
MySQL release notes for a full list of changes :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

All MySQL users should upgrade to these updated packages, which
correct these issues. After installing this update, the MySQL server
daemon (mysqld) will be restarted automatically."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2011-February/001871.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mysql packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"mysql-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-bench-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-devel-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-embedded-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-embedded-devel-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-libs-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-server-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"EL6", reference:"mysql-test-5.1.52-1.el6_0.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-embedded / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1397-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58325);
  script_version("1.15");
  script_cvs_date("Date: 2019/09/19 12:54:27");

  script_cve_id("CVE-2007-5925", "CVE-2008-3963", "CVE-2008-4098", "CVE-2008-4456", "CVE-2008-7247", "CVE-2009-2446", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4484", "CVE-2010-1621", "CVE-2010-1626", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2008", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3834", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840", "CVE-2011-2262", "CVE-2012-0075", "CVE-2012-0087", "CVE-2012-0101", "CVE-2012-0102", "CVE-2012-0112", "CVE-2012-0113", "CVE-2012-0114", "CVE-2012-0115", "CVE-2012-0116", "CVE-2012-0117", "CVE-2012-0118", "CVE-2012-0119", "CVE-2012-0120", "CVE-2012-0484", "CVE-2012-0485", "CVE-2012-0486", "CVE-2012-0487", "CVE-2012-0488", "CVE-2012-0489", "CVE-2012-0490", "CVE-2012-0491", "CVE-2012-0492", "CVE-2012-0493", "CVE-2012-0494", "CVE-2012-0495", "CVE-2012-0496");
  script_bugtraq_id(26353, 29106, 31081, 31486, 35609, 37075, 37297, 37640, 37943, 38043, 39543, 40100, 40106, 40109, 40257, 41198, 42596, 42598, 42599, 42625, 42633, 42638, 42646, 43676, 51488, 51493, 51502, 51504, 51505, 51508, 51509, 51519, 51520, 51526);
  script_xref(name:"USN", value:"1397-1");

  script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1397-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues were discovered in MySQL and this update
includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10,
Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to
MySQL 5.0.95.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.ht
ml.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1397-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected mysql-server-5.0 and / or mysql-server-5.1
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL CertDecoder::GetName Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
  script_cwe_id(20, 59, 79, 119, 134);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"mysql-server-5.0", pkgver:"5.0.95-0ubuntu1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"mysql-server-5.1", pkgver:"5.1.61-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"mysql-server-5.1", pkgver:"5.1.61-0ubuntu0.10.10.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"mysql-server-5.1", pkgver:"5.1.61-0ubuntu0.11.04.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"mysql-server-5.1", pkgver:"5.1.61-0ubuntu0.11.10.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.0 / mysql-server-5.1");
}

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2011:012. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(51804);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:53");

  script_cve_id("CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646);
  script_xref(name:"MDVSA", value:"2011:012");

  script_name(english:"Mandriva Linux Security Advisory : mysql (MDVSA-2011:012)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in mysql :

storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49
allows remote authenticated users to cause a denial of service
(assertion failure) by modifying the (1) innodb_file_format or (2)
innodb_file_per_table configuration parameters for the InnoDB storage
engine, then executing a DDL statement (CVE-2010-3676).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
via a join query that uses a table with a unique SET column
(CVE-2010-3677).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (crash) via (1) IN or (2) CASE operations with NULL
arguments that are explicitly specified or indirectly provided by the
WITH ROLLUP modifier (CVE-2010-3678).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (mysqld daemon crash) via certain arguments to the
BINLOG command, which triggers an access of uninitialized memory, as
demonstrated by valgrind (CVE-2010-3679).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (mysqld daemon crash) by creating temporary tables
while using InnoDB, which triggers an assertion failure
(CVE-2010-3680).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
by using the HANDLER interface and performing alternate reads from two
indexes on a table, which triggers an assertion failure
(CVE-2010-3681).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
by using EXPLAIN with crafted 'SELECT ... UNION ... ORDER BY \(SELECT
... WHERE ...\)' statements, which triggers a NULL pointer dereference
in the Item_singlerow_subselect::store function (CVE-2010-3682).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a
LOAD DATA INFILE request generates SQL errors, which allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
via a crafted request (CVE-2010-3683).

The updated packages have been upgraded to the latest (last) stable
5.1 release (5.1.54) to address these issues for both Mandriva Linux
2010.0 and 2010.2."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mysql.com/support/eol-notice.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_pbxt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_pinba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_revision");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-plugin_sphinx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql-static-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64mysql16-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql-static-devel-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libmysql16-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-bench-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-client-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-common-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-common-core-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-core-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-doc-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-max-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-extra-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-management-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-storage-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"mysql-ndb-tools-5.1.54-0.1mdv2010.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql-static-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64mysql16-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql-static-devel-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libmysql16-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-bench-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-client-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-common-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-common-core-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-core-5.1.54-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_pbxt-1.0.11-13.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_pinba-0.0.5-13.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_revision-0.1-13.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"mysql-plugin_sphinx-0.9.9-13.1mdv2010.2", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201201-02.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(57446);
  script_version("1.9");
  script_cvs_date("Date: 2018/07/11 17:09:26");

  script_cve_id("CVE-2008-3963", "CVE-2008-4097", "CVE-2008-4098", "CVE-2008-4456", "CVE-2008-7247", "CVE-2009-2446", "CVE-2009-4019", "CVE-2009-4028", "CVE-2009-4484", "CVE-2010-1621", "CVE-2010-1626", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2008", "CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3834", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840");
  script_bugtraq_id(29106, 31081, 31486, 35609, 37076, 37297, 37640, 37943, 38043, 39543, 40100, 40106, 40109, 40257, 41198, 42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646, 43676);
  script_xref(name:"GLSA", value:"201201-02");

  script_name(english:"GLSA-201201-02 : MySQL: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201201-02
(MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MySQL. Please review
      the CVE identifiers referenced below for details.
  
Impact :

    An unauthenticated remote attacker may be able to execute arbitrary code
      with the privileges of the MySQL process, cause a Denial of Service
      condition, bypass security restrictions, uninstall arbitrary MySQL
      plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201201-02"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All MySQL users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.1.56'
    NOTE: This is a legacy GLSA. Updates for all affected architectures are
      available since May 14, 2011. It is likely that your system is already no
      longer affected by this issue."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL CertDecoder::GetName Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
  script_cwe_id(20, 59, 79, 119, 134, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-db/mysql", unaffected:make_list("ge 5.1.56"), vulnerable:make_list("lt 5.1.56"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MySQL");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60940);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:19");

  script_cve_id("CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683", "CVE-2010-3833", "CVE-2010-3835", "CVE-2010-3836", "CVE-2010-3837", "CVE-2010-3838", "CVE-2010-3839", "CVE-2010-3840");

  script_name(english:"Scientific Linux Security Update : mysql on SL6.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The MySQL PolyFromWKB() function did not sanity check Well-Known
Binary (WKB) data, which could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3840)

A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to
100%), if a stored procedure contained JOIN queries, and that
procedure was executed twice in sequence. (CVE-2010-3839)

A flaw in the way MySQL processed queries that provide a mixture of
numeric and longblob data types to the LEAST or GREATEST function,
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3838)

A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)

MySQL did not properly pre-evaluate LIKE arguments in view prepare
mode, possibly allowing a remote, authenticated attacker to crash
mysqld. (CVE-2010-3836)

A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)

A flaw in the way MySQL evaluated the arguments of extreme-value
functions, such as LEAST and GREATEST, could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3833)

A flaw in the way MySQL handled LOAD DATA INFILE requests allowed
MySQL to send OK packets even when there were errors. (CVE-2010-3683)

A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)

A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated
attacker to crash mysqld. (CVE-2010-3681)

A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements
that define NULL columns when using the InnoDB storage engine, could
allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3680)

A flaw in the way MySQL processed certain values provided to the
BINLOG statement caused MySQL to read unassigned memory. A remote,
authenticated attacker could possibly use this flaw to crash mysqld.
(CVE-2010-3679)

A flaw in the way MySQL processed SQL queries containing IN or CASE
statements, when a NULL argument was provided as one of the arguments
to the query, could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3678)

A flaw in the way MySQL processed JOIN queries that attempt to
retrieve data from a unique SET column could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3677)

Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,
CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680,
CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of
service, as mysqld was automatically restarted after each crash.

These updated packages upgrade MySQL to version 5.1.52. Refer to the
MySQL release notes for a full list of changes :

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically."
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=4794
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b8d8afaf"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"mysql-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-bench-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-devel-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-embedded-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-embedded-devel-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-libs-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-server-5.1.52-1.el6_0.1")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-test-5.1.52-1.el6_0.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-15166.
#

include("compat.inc");

if (description)
{
  script_id(49727);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:31");

  script_cve_id("CVE-2010-3676", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
  script_bugtraq_id(42596, 42598, 42599, 42625, 42633, 42638, 42643, 42646, 43677);
  script_xref(name:"FEDORA", value:"2010-15166");

  script_name(english:"Fedora 13 : mysql-5.1.50-2.fc13 (2010-15166)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to mysql 5.1.50, for numerous bug fixes including some
low-grade security issues.

See upstream release notes at :

  - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html

    -
      http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.htm
      l

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628192"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628328"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628660"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=628698"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/048788.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f3e2d6be"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected mysql package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC13", reference:"mysql-5.1.50-2.fc13")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");
}

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2010:155. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(48399);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:53");

  script_cve_id("CVE-2010-2008", "CVE-2010-3677", "CVE-2010-3678", "CVE-2010-3679", "CVE-2010-3680", "CVE-2010-3681", "CVE-2010-3682", "CVE-2010-3683");
  script_bugtraq_id(41198, 42596, 42598, 42599, 42625, 42633, 42638, 42646);
  script_xref(name:"MDVSA", value:"2010:155-1");

  script_name(english:"Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in mysql :

MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash and
database loss) via an ALTER DATABASE command with a #mysql50# string
followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar
sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes
MySQL to move certain directories to the server data directory
(CVE-2010-2008).

Additionally many security issues noted in the 5.1.49 release notes
has been addressed with this advisory as well, such as :

  - LOAD DATA INFILE did not check for SQL errors and sent
    an OK packet even when errors were already reported.
    Also, an assert related to client-server protocol
    checking in debug servers sometimes was raised when it
    should not have been. (Bug#52512) (CVE-2010-3683)

  - Using EXPLAIN with queries of the form SELECT ... UNION
    ... ORDER BY (SELECT ... WHERE ...) could cause a server
    crash. (Bug#52711) (CVE-2010-3682)

  - The server could crash if there were alternate reads
    from two indexes on a table using the HANDLER interface.
    (Bug#54007) (CVE-2010-3681)

  - A malformed argument to the BINLOG statement could
    result in Valgrind warnings or a server crash.
    (Bug#54393) (CVE-2010-3679)

  - Incorrect handling of NULL arguments could lead to a
    crash for IN() or CASE operations when NULL arguments
    were either passed explicitly as arguments (for IN()) or
    implicitly generated by the WITH ROLLUP modifier (for
    IN() and CASE). (Bug#54477) (CVE-2010-3678)

  - Joins involving a table with with a unique SET column
    could cause a server crash. (Bug#54575) (CVE-2010-3677)

  - Use of TEMPORARY InnoDB tables with nullable columns
    could cause a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update :

Packages for 2009.1 was not provided with the MDVSA-2010:155 advisory.
This advisory provides the missing packages."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.mysql.com/bug.php?id=52512"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.mysql.com/bug.php?id=52711"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.mysql.com/bug.php?id=54007"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.mysql.com/bug.php?id=54044"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.mysql.com/bug.php?id=54393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.mysql.com/bug.php?id=54477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.mysql.com/bug.php?id=54575"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mysql16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmysql16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-max");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-management");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-ndb-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64mysql-devel-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64mysql-static-devel-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64mysql16-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libmysql-devel-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libmysql-static-devel-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libmysql16-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-bench-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-client-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-common-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-doc-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-max-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-ndb-extra-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-ndb-management-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-ndb-storage-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"mysql-ndb-tools-5.1.42-0.6mdv2009.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");