Vulnerabilities > CVE-2012-3149 - Unspecified vulnerability in Oracle Mysql

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
nessus

Summary

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.

Vulnerable Configurations

Part Description Count
Application
Oracle
435

Nessus

  • NASL familyDatabases
    NASL idMYSQL_5_5_27.NASL
    descriptionThe version of MySQL 5.5 installed on the remote host is earlier than 5.5.27 and is, therefore, affected by vulnerabilities in the following components : - Information Schema - MySQL Client - Protocol - Server - Server Optimizer - Server Replication
    last seen2020-06-01
    modified2020-06-02
    plugin id62641
    published2012-10-19
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62641
    titleMySQL 5.5 < 5.5.27 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62641);
      script_version("1.8");
      script_cvs_date("Date: 2018/11/15 20:50:21");
    
      script_cve_id(
        "CVE-2012-3144",
        "CVE-2012-3147",
        "CVE-2012-3149",
        "CVE-2012-3150",
        "CVE-2012-3158",
        "CVE-2012-3163",
        "CVE-2012-3197"
      );
      script_bugtraq_id(55990, 56006, 56008, 56017, 56021, 56022, 56036);
      
      script_name(english:"MySQL 5.5 < 5.5.27 Multiple Vulnerabilities");
      script_summary(english:"Checks version of MySQL server");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote database server is affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of MySQL 5.5 installed on the remote host is earlier than
    5.5.27 and is, therefore, affected by vulnerabilities in the following
    components :
    
      - Information Schema
      - MySQL Client
      - Protocol
      - Server
      - Server Optimizer
      - Server Replication"
      );
      script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.5/en/news-5-5-27.html");
      # https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?87547c81");
      script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 5.5.27 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/19");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    
    mysql_check_version(fixed:'5.5.27', min:'5.5', severity:SECURITY_HOLE);
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1621-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.66 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information : http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-x.html http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62815
    published2012-11-06
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62815
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1621-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1621-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62815);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-3144", "CVE-2012-3147", "CVE-2012-3149", "CVE-2012-3150", "CVE-2012-3156", "CVE-2012-3158", "CVE-2012-3160", "CVE-2012-3163", "CVE-2012-3166", "CVE-2012-3167", "CVE-2012-3173", "CVE-2012-3177", "CVE-2012-3180", "CVE-2012-3197");
      script_bugtraq_id(55990, 56003, 56005, 56006, 56008, 56013, 56017, 56018, 56021, 56022, 56027, 56028, 56036, 56041);
      script_xref(name:"USN", value:"1621-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1621-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in MySQL and this update
    includes new upstream MySQL versions to fix these issues.
    
    MySQL has been updated to 5.1.66 in Ubuntu 10.04 LTS and Ubuntu 11.10.
    Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.28.
    
    In addition to security fixes, the updated packages contain bug fixes,
    new features, and possibly incompatible changes.
    
    Please see the following for more information :
    
    http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html
    http://dev.mysql.com/doc/refman/5.5/en/news-5-5-x.html
    http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.h
    tml.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1621-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected mysql-server-5.1 and / or mysql-server-5.5
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"mysql-server-5.1", pkgver:"5.1.66-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"mysql-server-5.1", pkgver:"5.1.66-0ubuntu0.11.10.2")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"mysql-server-5.5", pkgver:"5.5.28-0ubuntu0.12.04.2")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"mysql-server-5.5", pkgver:"5.5.28-0ubuntu0.12.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.1 / mysql-server-5.5");
    }