Vulnerabilities > CVE-2012-2750

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(59967);
  script_version("1.11");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2012-1689", "CVE-2012-2750");
  script_bugtraq_id(54547, 63125);

  script_name(english:"MySQL 5.5 < 5.5.23 Multiple Unspecified Vulnerabilities");
  script_summary(english:"Checks version of MySQL server");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple unspecified
vulnerabilities."
  );
  script_set_attribute(attribute:"description", value:
"The version of MySQL 5.5 installed on the remote host is a version
prior to 5.5.23.  As such, it is affected by two unspecified
vulnerabilities related to the 'Server Optimizer' component."
  );
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=833742");
  # http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html#Oracle%20MySQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6d4671b2");
  # https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f2d5fae1");
  script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 5.5.23 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(fixed:'5.5.23', min:'5.5', severity:SECURITY_HOLE);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2780. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70502);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-2750", "CVE-2013-3839");
  script_bugtraq_id(63109, 63125);
  script_xref(name:"DSA", value:"2780");

  script_name(english:"Debian DSA-2780-1 : mysql-5.1 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This DSA updates the MySQL database to 5.1.72. This fixes multiple
unspecified security problems in the Optimizer component:
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.h
tml"
  );
  # https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4b0d41c4"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/mysql-5.1"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2013/dsa-2780"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the mysql-5.1 packages.

For the oldstable distribution (squeeze), these problems have been
fixed in version 5.1.72-2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-5.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"libmysqlclient-dev", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"libmysqlclient16", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"libmysqld-dev", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"libmysqld-pic", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"mysql-client", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"mysql-client-5.1", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"mysql-common", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"mysql-server", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"mysql-server-5.1", reference:"5.1.72-2")) flag++;
if (deb_check(release:"6.0", prefix:"mysql-server-core-5.1", reference:"5.1.72-2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70461);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2012-2750", "CVE-2013-3839");
  script_bugtraq_id(63109, 63125);

  script_name(english:"MySQL 5.1 < 5.1.71 Server Optimizer Denial of Service");
  script_summary(english:"Checks version of MySQL server");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server may be affected by a denial of service
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL 5.1 installed on the remote host is earlier than
5.1.71.  It is, therefore, potentially affected by multiple denial of
service vulnerabilities in the 'Server Optimizer' component. 

Note: Oracle has provided a workaround to address the issue for
CVE-2012-2750.");
  # https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f2d5fae1");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-71.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 5.1.71 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(fixed:'5.1.71', min:'5.1', severity:SECURITY_HOLE);