Vulnerabilities > CVE-2014-2430
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
Vulnerable Configurations
Nessus
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-152-01.NASL description New mariadb packages are available for Slackware 14.1 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 74255 published 2014-06-02 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74255 title Slackware 14.1 / current : mariadb (SSA:2014-152-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2014-152-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(74255); script_version("$Revision: 1.2 $"); script_cvs_date("$Date: 2014/06/11 15:37:52 $"); script_cve_id("CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440"); script_bugtraq_id(66835, 66846, 66850, 66858, 66875, 66880, 66890, 66896); script_xref(name:"SSA", value:"2014-152-01"); script_name(english:"Slackware 14.1 / current : mariadb (SSA:2014-152-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New mariadb packages are available for Slackware 14.1 and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.379108 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7cd96c04" ); script_set_attribute( attribute:"solution", value:"Update the affected mariadb package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mariadb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.1", pkgname:"mariadb", pkgver:"5.5.37", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"mariadb", pkgver:"5.5.37", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"current", pkgname:"mariadb", pkgver:"5.5.37", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"mariadb", pkgver:"5.5.37", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0522.NASL description The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0522. last seen 2020-06-01 modified 2020-06-02 plugin id 74128 published 2014-05-22 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74128 title CentOS 6 : Moderate: / mariadb55-mariadb (CESA-2014:0522) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0522 and # CentOS Errata and Security Advisory 2014:0522 respectively. # include("compat.inc"); if (description) { script_id(74128); script_version("1.5"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440"); script_xref(name:"RHSA", value:"2014:0522"); script_name(english:"CentOS 6 : Moderate: / mariadb55-mariadb (CESA-2014:0522)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0522." ); # https://lists.centos.org/pipermail/centos-announce/2014-May/020309.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d3b45391" ); script_set_attribute( attribute:"solution", value:"Update the affected mariadb55-mariadb and / or moderate: packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2436"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-5.5.37-1.3.el6.centos.alt")) flag++; if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-bench-5.5.37-1.3.el6.centos.alt")) flag++; if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-devel-5.5.37-1.3.el6.centos.alt")) flag++; if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-libs-5.5.37-1.3.el6.centos.alt")) flag++; if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-server-5.5.37-1.3.el6.centos.alt")) flag++; if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-test-5.5.37-1.3.el6.centos.alt")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb55-mariadb / mariadb55-mariadb-bench / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_LIBMYSQL55CLIENT18-140527.NASL description MySQL was updated to version 5.5.37 to address various security issues. More information is available at http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h tml#AppendixMSQL and http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.h tml#AppendixMSQL . last seen 2020-06-05 modified 2014-06-07 plugin id 74373 published 2014-06-07 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74373 title SuSE 11.3 Security Update : MySQL (SAT Patch Number 9303) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(74373); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4316", "CVE-2013-5860", "CVE-2013-5881", "CVE-2013-5882", "CVE-2013-5891", "CVE-2013-5894", "CVE-2013-5908", "CVE-2014-0001", "CVE-2014-0384", "CVE-2014-0386", "CVE-2014-0393", "CVE-2014-0401", "CVE-2014-0402", "CVE-2014-0412", "CVE-2014-0420", "CVE-2014-0427", "CVE-2014-0430", "CVE-2014-0431", "CVE-2014-0433", "CVE-2014-0437", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2434", "CVE-2014-2435", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440", "CVE-2014-2442", "CVE-2014-2444", "CVE-2014-2450", "CVE-2014-2451"); script_name(english:"SuSE 11.3 Security Update : MySQL (SAT Patch Number 9303)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "MySQL was updated to version 5.5.37 to address various security issues. More information is available at http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h tml#AppendixMSQL and http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.h tml#AppendixMSQL ." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=858823" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=861493" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=873896" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4316.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5860.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5881.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5882.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5891.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5894.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5908.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0001.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0384.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0386.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0393.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0401.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0402.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0412.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0420.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0427.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0430.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0431.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0433.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0437.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2419.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2430.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2431.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2432.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2434.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2435.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2436.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2438.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2440.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2442.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2444.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2450.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2451.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9303."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client18-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client_r18-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient15-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient_r15-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-client-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-32bit-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-32bit-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-client-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libmysql55client18-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libmysql55client_r18-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libmysqlclient15-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libmysqlclient_r15-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"mysql-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"mysql-client-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"mysql-tools-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysql55client18-32bit-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysqlclient15-32bit-5.0.96-0.6.11")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.37-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-102.NASL description Multiple vulnerabilities has been discovered and corrected in mariadb : Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML (CVE-2014-0384). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition (CVE-2014-2419). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema (CVE-2014-2430). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options (CVE-2014-2431). Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated (CVE-2014-2432). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR (CVE-2014-2436). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication (CVE-2014-2438). Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-2440). The updated packages have been upgraded to the 5.5.37 version which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 74080 published 2014-05-19 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74080 title Mandriva Linux Security Advisory : mariadb (MDVSA-2014:102) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2014:102. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(74080); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440"); script_bugtraq_id(66835, 66846, 66850, 66858, 66875, 66880, 66890, 66896); script_xref(name:"MDVSA", value:"2014:102"); script_name(english:"Mandriva Linux Security Advisory : mariadb (MDVSA-2014:102)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been discovered and corrected in mariadb : Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML (CVE-2014-0384). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition (CVE-2014-2419). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema (CVE-2014-2430). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options (CVE-2014-2431). Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated (CVE-2014-2432). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR (CVE-2014-2436). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication (CVE-2014-2438). Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-2440). The updated packages have been upgraded to the 5.5.37 version which is not vulnerable to these issues." ); # http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ef1fc2a6" ); script_set_attribute( attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-5537-changelog/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-feedback"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-obsolete"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-MariaDB"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mariadb-devel-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mariadb-embedded-devel-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mariadb-embedded18-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mariadb18-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-bench-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-client-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-common-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-common-core-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-core-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-extra-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-feedback-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mariadb-obsolete-5.5.37-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mysql-MariaDB-5.5.37-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2014-5369.NASL description Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-29 plugin id 73747 published 2014-04-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73747 title Fedora 20 : community-mysql-5.5.37-1.fc20 (2014-5369) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-5369. # include("compat.inc"); if (description) { script_id(73747); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440"); script_xref(name:"FEDORA", value:"2014-5369"); script_name(english:"Fedora 20 : community-mysql-5.5.37-1.fc20 (2014-5369)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088133" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088134" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088143" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088146" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088179" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088190" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088191" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088197" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/132255.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?57919536" ); script_set_attribute( attribute:"solution", value:"Update the affected community-mysql package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"community-mysql-5.5.37-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2014-6120.NASL description This is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Initial build Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-05-19 plugin id 74046 published 2014-05-19 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74046 title Fedora 20 : mariadb-galera-5.5.37-2.fc20 (2014-6120) NASL family Fedora Local Security Checks NASL id FEDORA_2014-5396.NASL description Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-29 plugin id 73749 published 2014-04-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73749 title Fedora 19 : community-mysql-5.5.37-1.fc19 (2014-5396) NASL family Fedora Local Security Checks NASL id FEDORA_2014-5393.NASL description This is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-29 plugin id 73748 published 2014-04-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73748 title Fedora 20 : mariadb-5.5.37-1.fc20 (2014-5393) NASL family Databases NASL id MYSQL_5_5_37.NASL description The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.37. It is, therefore, potentially affected by an error in file last seen 2020-06-01 modified 2020-06-02 plugin id 73318 published 2014-04-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73318 title MySQL 5.5.x < 5.5.37 MySQL Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0702.NASL description From Red Hat Security Advisory 2014:0702 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MariaDB to version 5.5.37. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 76735 published 2014-07-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76735 title Oracle Linux 7 : mariadb (ELSA-2014-0702) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-091.NASL description This update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40. last seen 2020-06-01 modified 2020-06-02 plugin id 82344 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82344 title Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2919.NASL description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37. Please see the MySQL 5.5 Release Notes and Oracle last seen 2020-03-17 modified 2014-05-05 plugin id 73855 published 2014-05-05 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73855 title Debian DSA-2919-1 : mysql-5.5 - security update NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0536.NASL description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 74141 published 2014-05-23 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74141 title CentOS 5 : mysql55-mysql (CESA-2014:0536) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0537.NASL description The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0537. last seen 2020-06-01 modified 2020-06-02 plugin id 74142 published 2014-05-23 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74142 title CentOS 6 : Moderate: / mysql55-mysql (CESA-2014:0537) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201409-04.NASL description The remote host is affected by the vulnerability described in GLSA-201409-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77548 published 2014-09-05 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77548 title GLSA-201409-04 : MySQL: Multiple vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20140522_MYSQL55_MYSQL_ON_SL5_X.NASL description This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-03-18 modified 2014-05-25 plugin id 74172 published 2014-05-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74172 title Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20140522) NASL family Databases NASL id MARIADB_5_5_37.NASL description The version of MariaDB 5.5 running on the remote host is a version prior to 5.5.37. It is, therefore, potentially affected by vulnerabilities due to errors related to the following components : - Client - Options - Performance Schema - RBR last seen 2020-06-01 modified 2020-06-02 plugin id 79826 published 2014-12-09 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79826 title MariaDB 5.5 < 5.5.37 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0536.NASL description Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 74144 published 2014-05-23 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74144 title RHEL 5 : mysql55-mysql (RHSA-2014:0536) NASL family Fedora Local Security Checks NASL id FEDORA_2014-5409.NASL description This is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-29 plugin id 73750 published 2014-04-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73750 title Fedora 19 : mariadb-5.5.37-1.fc19 (2014-5409) NASL family Databases NASL id MYSQL_5_6_17.NASL description The version of MySQL installed on the remote host is version 5.6.x prior to 5.6.17. It is, therefore, potentially affected by vulnerabilities in the following components : - Client - InnoDB - Options - Performance Schema - RBR last seen 2020-06-01 modified 2020-06-02 plugin id 73574 published 2014-04-16 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73574 title MySQL 5.6.x < 5.6.17 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0536.NASL description From Red Hat Security Advisory 2014:0536 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 74143 published 2014-05-23 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74143 title Oracle Linux 5 : mysql55-mysql (ELSA-2014-0536) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2170-1.NASL description Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.37. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.h tml Additionally, Matthias Reichl discovered that the mysql-5.5 packages were missing the patches applied previously in the mysql-5.1 packages to drop the default test database and localhost permissions granting access to any databases starting with last seen 2020-06-01 modified 2020-06-02 plugin id 73680 published 2014-04-24 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73680 title Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2170-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-329.NASL description This update fixes numerous unspecified (by upstream) vulnerabilities in the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier. last seen 2020-06-01 modified 2020-06-02 plugin id 78272 published 2014-10-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78272 title Amazon Linux AMI : mysql55 (ALAS-2014-329) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0702.NASL description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MariaDB to version 5.5.37. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 76897 published 2014-07-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76897 title RHEL 7 : mariadb (RHSA-2014:0702)
Redhat
advisories |
| ||||||||||||||||
rpms |
|
References
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/66858
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- http://rhn.redhat.com/errata/RHSA-2014-0702.html
- http://rhn.redhat.com/errata/RHSA-2014-0537.html
- http://rhn.redhat.com/errata/RHSA-2014-0536.html
- http://rhn.redhat.com/errata/RHSA-2014-0522.html