CVE-2013-1861 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attacker's choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow), hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description | MySQL and MariaDB Geometry Query Denial Of Service Vulnerability. CVE-2013-1861. DoS exploit for Linux platform |
id | EDB-ID:38392 |
last seen | 2016-02-04 |
modified | 2013-03-07 |
published | 2013-03-07 |
reporter | Alyssa Milburn |
source | https://www.exploit-db.com/download/38392/ |
title | MySQL and MariaDB Geometry Query Denial Of Service Vulnerability |
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-10020.NASL |
description | This is an update that uses /var/tmp as default tmpdir to prevent potential issues, fixes CVE-2013-1861 and adds some missing command-line options to man-pages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2013-07-12 |
plugin id | 67261 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67261 |
title | Fedora 19 : community-mysql-5.5.31-7.fc19 (2013-10020) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2013-10020.
    #

    include("compat.inc");

    if (description)
    {
      script_id(67261);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2013-1861");
      script_bugtraq_id(58511);
      script_xref(name:"FEDORA", value:"2013-10020");

      script_name(english:"Fedora 19 : community-mysql-5.5.31-7.fc19 (2013-10020)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
      script_set_attribute(
        attribute:"description",
        value:"This is an update that uses /var/tmp as default tmpdir to prevent potential issues, fixes CVE-2013-1861 and adds some missing command-line options to man-pages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=919247");
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108884.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3055f5ce");
      script_set_attribute(attribute:"solution", value:"Update the affected community-mysql package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC19", reference:"community-mysql-5.5.31-7.fc19")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
    }

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_LIBMYSQL55CLIENT18-130815.NASL |
description | This version upgrade of mysql to 5.5.32 fixes multiple security issues : CVE-2013-1861 / CVE-2013-3783 / CVE-2013-3793 / CVE-2013-3794 / CVE-2013-3795 / CVE-2013-3796 / CVE-2013-3798 / CVE-2013-3801 / CVE-2013-3802 / CVE-2013-3804 / CVE-2013-3805 / CVE-2013-3806 / CVE-2013-3807 / CVE-2013-3808 / CVE-2013-3809 / CVE-2013-3810 / CVE-2013-3811 / CVE-2013-3812 Additionally, it contains numerous bug fixes and improvements. : - making mysqldump work with MySQL 5.0. (bnc#768832) - fixed log rights. (bnc#789263 and bnc#803040) - binlog disabled in default configuration. (bnc#791863) - fixed dependencies for client package. (bnc#780019) - minor polishing of spec/installation - avoiding file conflicts with mytop - better fix for hardcoded libdir issue - fix hardcoded plugin paths. (bnc#834028) - Use chown --no-dereference instead of chown to improve security. (bnc#834967) - Adjust to spell !includedir correctly in /etc/my.cnf (bnc#734436) |
last seen | 2020-06-05 |
modified | 2013-08-30 |
plugin id | 69511 |
published | 2013-08-30 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69511 |
title | SuSE 11.3 Security Update : MySQL (SAT Patch Number 8217) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin has been generated automatically from SuSE 11 update
    # information, and the description text is (C) Novell, Inc.
    #

    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(69511);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2013-1861", "CVE-2013-3783", "CVE-2013-3793", "CVE-2013-3794", "CVE-2013-3795", "CVE-2013-3796", "CVE-2013-3798", "CVE-2013-3801", "CVE-2013-3802", "CVE-2013-3804", "CVE-2013-3805", "CVE-2013-3806", "CVE-2013-3807", "CVE-2013-3808", "CVE-2013-3809", "CVE-2013-3810", "CVE-2013-3811", "CVE-2013-3812");

      script_name(english:"SuSE 11.3 Security Update : MySQL (SAT Patch Number 8217)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates.");
      script_set_attribute(
        attribute:"description",
        value:"This version upgrade of mysql to 5.5.32 fixes multiple security issues : CVE-2013-1861 / CVE-2013-3783 / CVE-2013-3793 / CVE-2013-3794 / CVE-2013-3795 / CVE-2013-3796 / CVE-2013-3798 / CVE-2013-3801 / CVE-2013-3802 / CVE-2013-3804 / CVE-2013-3805 / CVE-2013-3806 / CVE-2013-3807 / CVE-2013-3808 / CVE-2013-3809 / CVE-2013-3810 / CVE-2013-3811 / CVE-2013-3812 Additionally, it contains numerous bug fixes and improvements. : - making mysqldump work with MySQL 5.0. (bnc#768832) - fixed log rights. (bnc#789263 and bnc#803040) - binlog disabled in default configuration. (bnc#791863) - fixed dependencies for client package. (bnc#780019) - minor polishing of spec/installation - avoiding file conflicts with mytop - better fix for hardcoded libdir issue - fix hardcoded plugin paths. (bnc#834028) - Use chown --no-dereference instead of chown to improve security. (bnc#834967) - Adjust to spell !includedir correctly in /etc/my.cnf (bnc#734436)"
      );
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=734436");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=768832");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=780019");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=789263");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=791863");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=803040");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=830086");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834028");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834967");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1861.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3783.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3793.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3794.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3795.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3796.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3798.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3801.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3802.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3804.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3805.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3806.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3807.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3808.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3809.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3810.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3811.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3812.html");
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8217.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/30");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");

    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client18-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client_r18-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient_r15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-client-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-32bit-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-32bit-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-client-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysql55client18-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysql55client_r18-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysqlclient15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysqlclient_r15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-client-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-tools-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysql55client18-32bit-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysqlclient15-32bit-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.32-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.9")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | Databases |
NASL id | MYSQL_5_1_70.NASL |
description | The version of MySQL 5.1 installed on the remote host is earlier than 5.1.70 and is, therefore, potentially affected by vulnerabilities in the following components : - Full Text Search - GIS - Server Optimizer |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68937 |
published | 2013-07-17 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68937 |
title | MySQL 5.1 < 5.1.70 Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(68937);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/27");

      script_cve_id("CVE-2013-1861", "CVE-2013-3802", "CVE-2013-3804");
      script_bugtraq_id(58511, 61244, 61260);

      script_name(english:"MySQL 5.1 < 5.1.70 Multiple Vulnerabilities");
      script_summary(english:"Checks version of MySQL server");

      script_set_attribute(attribute:"synopsis", value:
    "The remote database server may be affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL 5.1 installed on the remote host is earlier than 5.1.70 and is, therefore, potentially affected by vulnerabilities in the following components : - Full Text Search - GIS - Server Optimizer");
      script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-70.html");
      # https://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html#AppendixMSQL
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b1facedf");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MySQL version 5.1.70 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1861");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/17");

      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");

      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);

      exit(0);
    }

    include("mysql_version.inc");

    mysql_check_version(fixed:'5.1.70', min:'5.1', severity:SECURITY_WARNING);

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS11_MYSQL_20130924.NASL |
description | The remote Solaris system is missing necessary patches to address security updates : - MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. (CVE-2008-4098) - sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. (CVE-2008-7247) - MySQL before 5.1.46 allows local users to delete the data and index files of another user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80705 |
published | 2015-01-19 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80705 |
title | Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #

    include("compat.inc");

    if (description)
    {
      script_id(80705);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:24");

      script_cve_id("CVE-2008-4098", "CVE-2008-7247", "CVE-2010-1626", "CVE-2013-1861");

      script_name(english:"Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql)");
      script_summary(english:"Check for the 'entire' version.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Solaris system is missing a security patch for third-party software."
      );
      script_set_attribute(
        attribute:"description",
        value:"The remote Solaris system is missing necessary patches to address security updates : - MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. (CVE-2008-4098) - sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. (CVE-2008-7247) - MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. (CVE-2010-1626) - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. (CVE-2013-1861)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4a913f44");
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-mysql
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?78a39345");
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.10.5.0.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_cwe_id(59);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:mysql");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

    if (empty_or_null(egrep(string:pkg_list, pattern:"^mysql$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");

    flag = 0;

    if (solaris_check_release(release:"0.5.11-0.175.1.10.0.5.0", sru:"SRU 11.1.10.5.0") > 0) flag++;

    if (flag)
    {
      error_extra = 'Affected package : mysql\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "mysql");

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1807-1.NASL |
description | Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-69.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 66215 |
published | 2013-04-25 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/66215 |
title | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1807-1) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1807-1. The text
    # itself is copyright (C) Canonical, Inc. See
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
    # trademark of Canonical, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(66215);
      script_version("1.17");
      script_cvs_date("Date: 2019/09/19 12:54:29");

      script_cve_id("CVE-2012-0553", "CVE-2012-4414", "CVE-2012-5613", "CVE-2012-5615", "CVE-2012-5627", "CVE-2013-1492", "CVE-2013-1502", "CVE-2013-1506", "CVE-2013-1511", "CVE-2013-1512", "CVE-2013-1521", "CVE-2013-1523", "CVE-2013-1526", "CVE-2013-1532", "CVE-2013-1544", "CVE-2013-1552", "CVE-2013-1555", "CVE-2013-1623", "CVE-2013-1861", "CVE-2013-2375", "CVE-2013-2376", "CVE-2013-2378", "CVE-2013-2389", "CVE-2013-2391", "CVE-2013-2392");
      script_bugtraq_id(55498, 56766, 56771, 56837, 57780, 58511, 58594, 58595, 59180, 59188, 59196, 59201, 59207, 59209, 59210, 59211, 59217, 59218, 59224, 59225, 59227, 59229, 59237, 59239, 59242);
      script_xref(name:"USN", value:"1807-1");

      script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1807-1)");
      script_summary(english:"Checks dpkg output for updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing one or more security-related patches."
      );
      script_set_attribute(
        attribute:"description",
        value:"Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-69.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/1807-1/");
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected mysql-server-5.1 and / or mysql-server-5.5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Oracle MySQL for Microsoft Windows FILE Privilege Abuse');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");

    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

    flag = 0;

    if (ubuntu_check(osver:"10.04", pkgname:"mysql-server-5.1", pkgver:"5.1.69-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"mysql-server-5.1", pkgver:"5.1.69-0ubuntu0.11.10.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"mysql-server-5.5", pkgver:"5.5.31-0ubuntu0.12.04.1")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"mysql-server-5.5", pkgver:"5.5.31-0ubuntu0.12.10.1")) flag++;

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_HOLE,
        extra    : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.1 / mysql-server-5.5");
    }

NASL family Databases
NASL id MARIADB_5_5_30.NASL
description The version of MariaDB 5.5 running on the remote host is prior to 5.5.30. It is, therefore, potentially affected by vulnerabilities in the following components :
- GIS
- yaSSL
last seen 2020-06-01
modified 2020-06-02
plugin id 65732
published 2013-03-29
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65732
title MariaDB 5.5 < 5.5.30 Multiple Vulnerabilities
code

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(65732);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/27");

      script_cve_id("CVE-2013-1492", "CVE-2013-1861");
      script_bugtraq_id(58511, 58595);

      script_name(english:"MariaDB 5.5 < 5.5.30 Multiple Vulnerabilities");
      script_summary(english:"Checks MariaDB version");

      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MariaDB 5.5 running on the remote host is prior to
    5.5.30. It is, therefore, potentially affected by vulnerabilities in
    the following components :

      - GIS
      - yaSSL");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-251/");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-5530-release-notes/");
      script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.5/en/news-5-5-30.html");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-4252");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MariaDB 5.5.30 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1492");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/29");

      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");

      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);

      exit(0);
    }

    include("mysql_version.inc");

    mysql_check_version(variant:'MariaDB', fixed:'5.5.30-MariaDB', min:'5.5', severity:SECURITY_HOLE);

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201409-04.NASL
description The remote host is affected by the vulnerability described in GLSA-201409-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.
Impact : A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 77548
published 2014-09-05
reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/77548
title GLSA-201409-04 : MySQL: Multiple vulnerabilities
code

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201409-04.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #

    include("compat.inc");

    if (description)
    {
      script_id(77548);
      script_version("1.6");
      script_cvs_date("Date: 2018/07/12 19:01:15");

      script_cve_id("CVE-2013-1861", "CVE-2013-2134", "CVE-2013-3839", "CVE-2013-5767", "CVE-2013-5770",
                    "CVE-2013-5786", "CVE-2013-5793", "CVE-2013-5807", "CVE-2013-5860", "CVE-2013-5881",
                    "CVE-2013-5882", "CVE-2013-5891", "CVE-2013-5894", "CVE-2013-5908", "CVE-2014-0001",
                    "CVE-2014-0384", "CVE-2014-0386", "CVE-2014-0393", "CVE-2014-0401", "CVE-2014-0402",
                    "CVE-2014-0412", "CVE-2014-0420", "CVE-2014-0427", "CVE-2014-0430", "CVE-2014-0431",
                    "CVE-2014-0433", "CVE-2014-0437", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431",
                    "CVE-2014-2432", "CVE-2014-2434", "CVE-2014-2435", "CVE-2014-2436", "CVE-2014-2438",
                    "CVE-2014-2440");
      script_bugtraq_id(58511, 60346, 63105, 63107, 63109, 63113, 63116, 63119, 64849, 64854,
                        64864, 64868, 64873, 64877, 64880, 64885, 64888, 64891, 64893, 64895,
                        64896, 64897, 64898, 64904, 64908, 65298, 66835, 66846, 66850, 66853,
                        66858, 66872, 66875, 66880, 66890, 66896);
      script_xref(name:"GLSA", value:"201409-04");

      script_name(english:"GLSA-201409-04 : MySQL: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is affected by the vulnerability described in GLSA-201409-04
    (MySQL: Multiple vulnerabilities)

        Multiple vulnerabilities have been discovered in MySQL. Please review
          the CVE identifiers referenced below for details.

    Impact :

        A local attacker could possibly gain escalated privileges. A remote
          attacker could send a specially crafted SQL query, possibly resulting
          in a Denial of Service condition. A remote attacker could entice a user
          to connect to specially crafted MySQL server, possibly resulting in
          execution of arbitrary code with the privileges of the process.

    Workaround :

        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201409-04"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "All MySQL users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.5.39'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/05");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (qpkg_check(package:"dev-db/mysql", unaffected:make_list("ge 5.5.39"), vulnerable:make_list("lt 5.5.39"))) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MySQL");
    }

NASL family SuSE Local Security Checks
NASL id SUSE_11_LIBMYSQL55CLIENT18-130926.NASL
description This version upgrade of mysql to 5.5.33 fixed multiple security issues :
- CVE-2013-1861 / CVE-2013-3783 / CVE-2013-3793 / CVE-2013-3794
- CVE-2013-3795 / CVE-2013-3796 / CVE-2013-3798 / CVE-2013-3801
- CVE-2013-3802 / CVE-2013-3804 / CVE-2013-3805 / CVE-2013-3806
- CVE-2013-3807 / CVE-2013-3808 / CVE-2013-3809 / CVE-2013-3810
- Additionally, it contains numerous bug fixes and improvements.:. (CVE-2013-3811 / CVE-2013-3812)
- fixed mysqldump with MySQL 5.0. (bnc#768832)
- fixed log rights. (bnc#789263 and bnc#803040 and bnc#792332)
- binlog disabled in default configuration. (bnc#791863)
- fixed dependencies for client package. (bnc#780019)
- minor polishing of spec/installation
- avoid file conflicts with mytop
- better fix for hard-coded libdir issue
- fixed hard-coded plugin paths. (bnc#834028)
- use chown --no-dereference instead of chown to improve security. (bnc#834967)
- adjust to spell !includedir correctly in /etc/my.cnf. (bnc#734436)
- typo in init script stops database on update (bnc#837801)
last seen 2020-06-05
modified 2013-10-08
plugin id 70328
published 2013-10-08
reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/70328
title SuSE 11.3 Security Update : mysql, mysql-client (SAT Patch Number 8364)
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #

    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(70328);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2013-1861", "CVE-2013-3783", "CVE-2013-3793", "CVE-2013-3794", "CVE-2013-3795",
                    "CVE-2013-3796", "CVE-2013-3798", "CVE-2013-3801", "CVE-2013-3802", "CVE-2013-3804",
                    "CVE-2013-3805", "CVE-2013-3806", "CVE-2013-3807", "CVE-2013-3808", "CVE-2013-3809",
                    "CVE-2013-3810", "CVE-2013-3811", "CVE-2013-3812");

      script_name(english:"SuSE 11.3 Security Update : mysql, mysql-client (SAT Patch Number 8364)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This version upgrade of mysql to 5.5.33 fixed multiple security 
    issues :

      - CVE-2013-1861 / CVE-2013-3783 / CVE-2013-3793 / CVE-2013-3794
      - CVE-2013-3795 / CVE-2013-3796 / CVE-2013-3798 / CVE-2013-3801
      - CVE-2013-3802 / CVE-2013-3804 / CVE-2013-3805 / CVE-2013-3806
      - CVE-2013-3807 / CVE-2013-3808 / CVE-2013-3809 / CVE-2013-3810
      - Additionally, it contains numerous bug fixes and improvements.:.
        (CVE-2013-3811 / CVE-2013-3812)
      - fixed mysqldump with MySQL 5.0. (bnc#768832)
      - fixed log rights. (bnc#789263 and bnc#803040 and bnc#792332)
      - binlog disabled in default configuration. (bnc#791863)
      - fixed dependencies for client package. (bnc#780019)
      - minor polishing of spec/installation
      - avoid file conflicts with mytop
      - better fix for hard-coded libdir issue
      - fixed hard-coded plugin paths. (bnc#834028)
      - use chown --no-dereference instead of chown to improve security.
        (bnc#834967)
      - adjust to spell !includedir correctly in /etc/my.cnf. (bnc#734436)
      - typo in init script stops database on update (bnc#837801)"
      );
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=734436");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=768832");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=780019");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=789263");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=791863");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=792332");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=803040");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=830086");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834028");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834967");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=837801");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1861.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3783.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3793.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3794.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3795.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3796.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3798.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3801.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3802.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3804.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3805.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3806.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3807.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3808.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3809.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3810.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3811.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-3812.html");
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8364.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/08");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");

    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client18-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client_r18-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient_r15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-client-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-32bit-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-32bit-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-client-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysql55client18-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysql55client_r18-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysqlclient15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysqlclient_r15-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-client-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-tools-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysql55client18-32bit-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysqlclient15-32bit-5.0.96-0.6.9")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.33-0.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.9")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-2818.NASL
description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.33, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes for further details :
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-33.html
In addition this update fixes two issues affecting specifically the mysql-5.5 Debian package : A race condition in the post-installation script of the mysql-server-5.5 package creates the configuration file
last seen 2020-03-17
modified 2013-12-17
plugin id 71474
published 2013-12-17
reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/71474
title Debian DSA-2818-1 : mysql-5.5 - several vulnerabilities
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-2818. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(71474);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2013-1861", "CVE-2013-2162", "CVE-2013-3783", "CVE-2013-3793", "CVE-2013-3802",
                    "CVE-2013-3804", "CVE-2013-3809", "CVE-2013-3812", "CVE-2013-3839", "CVE-2013-5807");
      script_bugtraq_id(58511, 60424, 61210, 61244, 61249, 61260, 61264, 61272, 63105, 63109);
      script_xref(name:"DSA", value:"2818");

      script_name(english:"Debian DSA-2818-1 : mysql-5.5 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several issues have been discovered in the MySQL database server. The
    vulnerabilities are addressed by upgrading MySQL to a new upstream
    version, 5.5.33, which includes additional changes, such as
    performance improvements, bug fixes, new features, and possibly
    incompatible changes. Please see the MySQL 5.5 Release Notes for
    further details :

      - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html
      - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-33.html

    In addition this update fixes two issues affecting specifically the
    mysql-5.5 Debian package :

    A race condition in the post-installation script of the
    mysql-server-5.5 package creates the configuration file
    '/etc/mysql/debian.cnf' with world-readable permissions before
    restricting the permissions, which allows local users to read the file
    and obtain sensitive information such as credentials for the
    debian-sys-maint to perform administration tasks. (CVE-2013-2162 )

    Matthias Reichl reported that the mysql-5.5 package misses the patches
    applied previous in Debian's mysql-5.1 to drop the database 'test' and
    the permissions that allow anonymous access, without a password, from
    localhost to the 'test' database and any databases starting
    with'test_'. This update reintroduces these patches for the mysql-5.5
    package.

    Existing databases and permissions are not touched. Please refer to
    the NEWS file provided with this update for further information."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732306"
      );
      # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html"
      );
      # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-33.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-33.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/mysql-5.5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2818"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the mysql-5.5 packages.

    For the stable distribution (wheezy), these problems have been fixed
    in version 5.5.33+dfsg-0+wheezy1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/17");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"7.0", prefix:"libmysqlclient-dev", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmysqlclient18", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmysqld-dev", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmysqld-pic", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-client", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-client-5.5", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-common", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-server", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-server-5.5", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-server-core-5.5", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-source-5.5", reference:"5.5.33+dfsg-0+wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-testsuite-5.5", reference:"5.5.33+dfsg-0+wheezy1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family Databases
NASL id MARIADB_5_5_32.NASL
description The version of MariaDB 5.5 running on the remote host is a version prior to 5.5.32. It is, therefore, potentially affected by the following vulnerabilities :
- Errors exist related to the following subcomponents : Audit Log, Data Manipulation Language, Full Text Search, GIS, Server Optimizer, Server Parser and Server Replication. (CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3802, CVE-2013-3804, CVE-2013-3809, CVE-2013-3812)
- Errors exist in the files
last seen 2020-06-01
modified 2020-06-02
plugin id 72373
published 2014-02-06
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/72373
title MariaDB 5.5 < 5.5.32 Multiple Vulnerabilities
code

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(72373);
      script_version("1.11");
      script_cvs_date("Date: 2019/11/26");

      script_cve_id(
        "CVE-2013-1861",
        "CVE-2013-3783",
        "CVE-2013-3793",
        "CVE-2013-3802",
        "CVE-2013-3804",
        "CVE-2013-3809",
        "CVE-2013-3812"
      );
      script_bugtraq_id(
        58511,
        61210,
        61244,
        61249,
        61260,
        61264,
        61272,
        62085
      );

      script_name(english:"MariaDB 5.5 < 5.5.32 Multiple Vulnerabilities");
      script_summary(english:"Checks MariaDB version");

      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MariaDB 5.5 running on the remote host is a version
    prior to 5.5.32. It is, therefore, potentially affected by the
    following vulnerabilities :

      - Errors exist related to the following subcomponents :
        Audit Log, Data Manipulation Language, Full Text Search,
        GIS, Server Optimizer, Server Parser and Server
        Replication. (CVE-2013-1861, CVE-2013-3783,
        CVE-2013-3793, CVE-2013-3802, CVE-2013-3804,
        CVE-2013-3809, CVE-2013-3812)

      - Errors exist in the files 'sql/item_func.cc',
        'sql/item_sum.cc', 'sql/item_timefunc.cc',
        'sql/opt_range.cc', 'sql/sql_derived.cc',
        'sql/sql_insert.cc', 'sql/sql_select.cc',
        'sql/sql_table.cc', 'sql/table.cc' and
        'storage/innobase/mem/mem0mem.c' that could allow denial
        of service attacks.

      - Errors exist in the functions or methods 'CONVERT_TZ
        Item_func_min_max::get_date', 'my_decimal2decimal',
        'setup_ref_array' and 'st_select_lex::nest_last_join'
        that could allow denial of service attacks.

      - A buffer overflow error exists in the file
        'sql/opt_range.cc' in the function
        'QUICK_GROUP_MIN_MAX_SELECT::next_min' that could allow
        denial of service attacks and possibly arbitrary code
        execution

      - An unspecified issue exists in the file 'dbug/dbug.c'
        in the macro 'str_to_buf' that has an unspecified
        impact.");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-5532-changelog/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MariaDB version 5.5.32 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-3809");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/06");

      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");

      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);

      exit(0);
    }

    include("mysql_version.inc");

    mysql_check_version(variant:'MariaDB', fixed:'5.5.32-MariaDB', min:'5.5', severity:SECURITY_WARNING);

NASL family | Databases |
NASL id | MYSQL_5_6_12.NASL |
description | The version of MySQL installed on the remote host is 5.6.x older than 5.6.12. As such, it is reportedly affected by vulnerabilities in the following components : - Audit Log - Data Manipulation Language - Full Text Search - GIS - InnoDB - Locking - MemCached - Server Optimizer - Server Privileges - Server Replication - XA Transactions |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68939 |
published | 2013-07-17 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68939 |
title | MySQL 5.6.x < 5.6.12 Multiple Vulnerabilities |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1909-1.NASL |
description | Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.70 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.04 have been updated to MySQL 5.5.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-70.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69073 |
published | 2013-07-26 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/69073 |
title | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1909-1) |

NASL family | Databases |
NASL id | MYSQL_5_5_32.NASL |
description | The version of MySQL 5.5.x installed on the remote host is prior to 5.5.32. It is, therefore, affected by multiple vulnerabilities in the following components : - Audit Log - Data Manipulation Language - Full Text Search - GIS - Server : Optimizer - Server : Parser - Server : Replication |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68938 |
published | 2013-07-17 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68938 |
title | MySQL 5.5 < 5.5.32 Multiple Vulnerabilities |

Seebug
bulletinFamily | exploit |
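description | BUGTRAQ ID: 58511 CVE(CAN) ID: CVE-2013-1861 Oracle MySQL Server is a small relational database management system. MariaDB is a fork of MySQL that uses the Maria storage engine and is a free, open-source database server. When MySQL and MariaDB convert the binary string representation of a raw geometry object into its text representation, the length check in MySQL's spatial functions overflows, causing the application to crash. 0 MySQL AB MySQL Vendor patch: MySQL AB -------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mysql.com/ |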
id | SSV:60679 |
last seen | 2017-11-19 |
modified | 2013-03-19 |
published | 2013-03-19 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-60679 |
title | MySQL and MariaDB Geometry Query Denial of Service Vulnerability |
References
- http://www.osvdb.org/91415
- https://bugzilla.redhat.com/show_bug.cgi?id=919247
- http://secunia.com/advisories/52639
- http://seclists.org/oss-sec/2013/q1/671
- http://www.securityfocus.com/bid/58511
- https://mariadb.atlassian.net/browse/MDEV-4252
- http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- http://www.ubuntu.com/usn/USN-1909-1
- http://secunia.com/advisories/54300
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
- http://www.debian.org/security/2013/dsa-2818
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82895