Vulnerabilities > CVE-2014-2436

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
oracle
mariadb
redhat
nessus

Summary

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.

Vulnerable Configurations

Part Description Count
Application
Oracle
56
Application
Mariadb
25
OS
Oracle
1
OS
Redhat
18

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-152-01.NASL
    descriptionNew mariadb packages are available for Slackware 14.1 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74255
    published2014-06-02
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74255
    titleSlackware 14.1 / current : mariadb (SSA:2014-152-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2014-152-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration: this branch runs only when `description` is set,
    # declares the plugin's attributes and exits before any host data is read.
    if (description) {
      # Plugin identity and revision stamps.
      script_id(74255);
      script_version("$Revision: 1.2 $");
      script_cvs_date("$Date: 2014/06/11 15:37:52 $");

      # One package update is mapped to eight CVEs, so a finding from this
      # plugin does not single out any one of them.
      script_cve_id(
        "CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431",
        "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440"
      );
      script_bugtraq_id(66835, 66846, 66850, 66858, 66875, 66880, 66890, 66896);
      script_xref(name:"SSA", value:"2014-152-01");

      script_name(english:"Slackware 14.1 / current : mariadb (SSA:2014-152-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");

      script_set_attribute(attribute:"synopsis", value:"The remote Slackware host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "New mariadb packages are available for Slackware 14.1 and -current to
    fix security issues.");
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.379108
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7cd96c04");
      script_set_attribute(attribute:"solution", value:"Update the affected mariadb package.");

      # CVSS v2 base: network vector, medium complexity, single authentication,
      # partial confidentiality/integrity/availability impact.
      # Temporal: exploitability not defined, official fix, confirmed report.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      # Declared as a local check; the CPE entries scope it to the Slackware
      # mariadb package and to Slackware 14.1.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/02");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");

      # The verdict is computed from KB entries (local-check flag, release,
      # package list), not from talking to the database service.
      # presumably ssh_get_info.nasl is what fills those keys - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    # Preconditions, evaluated in order. Each audit() call names the reason the
    # plugin cannot give a verdict (audit() is expected to end the run).
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/Slackware/release"))
    {
      audit(AUDIT_OS_NOT, "Slackware");
    }
    if (!get_kb_item("Host/Slackware/packages"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: continue only when the KB value contains "x86_64"
    # or matches i386 through i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    }
    
    
    # Count every package test that reports a hit. The reference version for
    # all four tests is mariadb 5.5.37.
    # NOTE(review): this is a package-version comparison only; it says nothing
    # about whether the server is running or how it is configured.
    flag = 0;

    # Slackware 14.1, 32-bit and 64-bit builds.
    if (slackware_check(osver:"14.1", pkgname:"mariadb", pkgver:"5.5.37", pkgarch:"i486", pkgnum:"1_slack14.1"))
      flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"mariadb", pkgver:"5.5.37", pkgarch:"x86_64", pkgnum:"1_slack14.1"))
      flag++;

    # Slackware -current, 32-bit and 64-bit builds.
    if (slackware_check(osver:"current", pkgname:"mariadb", pkgver:"5.5.37", pkgarch:"i486", pkgnum:"1"))
      flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"mariadb", pkgver:"5.5.37", pkgarch:"x86_64", pkgnum:"1"))
      flag++;

    if (!flag)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # Reported at warning severity; package details are attached only when
      # report verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:slackware_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0522.NASL
    descriptionThe remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0522.
    last seen2020-06-01
    modified2020-06-02
    plugin id74128
    published2014-05-22
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74128
    titleCentOS 6 : Moderate: / mariadb55-mariadb (CESA-2014:0522)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0522 and 
    # CentOS Errata and Security Advisory 2014:0522 respectively.
    #
    
    include("compat.inc");
    
    # Metadata registration: this branch runs only when `description` is set,
    # declares the plugin's attributes and exits before any host data is read.
    if (description) {
      # Plugin identity and revision stamps.
      script_id(74128);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/06");

      # One errata is mapped to eight CVEs.
      script_cve_id(
        "CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431",
        "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440"
      );
      script_xref(name:"RHSA", value:"2014:0522");

      script_name(english:"CentOS 6 : Moderate: / mariadb55-mariadb (CESA-2014:0522)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote CentOS host is missing a security update which has been
    documented in Red Hat advisory RHSA-2014:0522.");
      # https://lists.centos.org/pipermail/centos-announce/2014-May/020309.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d3b45391");
      script_set_attribute(attribute:"solution", value:"Update the affected mariadb55-mariadb and / or moderate: packages.");

      # CVSS v2 base: network vector, medium complexity, single authentication,
      # partial C/I/A. cvss_score_source attributes it to CVE-2014-2436.
      # NOTE(review): the vector states AC:M, so it may differ from scores
      # published elsewhere for that CVE - confirm before using it to rank.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2436");

      # Declared as a local check covering six mariadb55 SCL packages on CentOS 6.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:mariadb55-mariadb-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");

      # The verdict is computed from KB entries (local-check flag, release,
      # rpm list), not from talking to the database service.
      # presumably ssh_get_info.nasl is what fills those keys - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions, evaluated in order. Each audit() call names the reason the
    # plugin cannot give a verdict (audit() is expected to end the run).
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must mention CentOS and carry a parsable major version.
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release)
    {
      audit(AUDIT_OS_NOT, "CentOS");
    }
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    }
    # Keep only the captured major version.
    os_ver = os_ver[1];
    # "6" must be followed by a non-digit or end of string, so "60" is rejected.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    }

    if (!get_kb_item("Host/CentOS/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: continue only when the KB value contains "x86_64"
    # or matches i386 through i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    }
    
    
    # Count every package test that reports a hit. All six reference builds
    # are 5.5.37-1.3.el6.centos.alt.
    # NOTE(review): every test pins cpu:"x86_64"; presumably a 32-bit host that
    # passed the architecture gate gets no package test here - confirm against
    # rpm_check() before treating "not affected" on such hosts as meaningful.
    flag = 0;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-5.5.37-1.3.el6.centos.alt"))
      flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-bench-5.5.37-1.3.el6.centos.alt"))
      flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-devel-5.5.37-1.3.el6.centos.alt"))
      flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-libs-5.5.37-1.3.el6.centos.alt"))
      flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-server-5.5.37-1.3.el6.centos.alt"))
      flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"mariadb55-mariadb-test-5.5.37-1.3.el6.centos.alt"))
      flag++;

    if (!flag)
    {
      # No hit: distinguish "packages tested and fine" from "nothing tested".
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb55-mariadb / mariadb55-mariadb-bench / etc");
      }
    }
    else
    {
      # Reported at warning severity with the rpm comparison report attached.
      security_report_v4(port:0, severity:SECURITY_WARNING, extra:rpm_report_get());
      exit(0);
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-140527.NASL
    descriptionMySQL was updated to version 5.5.37 to address various security issues. More information is available at http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixMSQL and http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL.
    last seen2020-06-05
    modified2014-06-07
    plugin id74373
    published2014-06-07
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74373
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 9303)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Stop silently when the engine reports a NASL level below 3000.
    if (NASL_LEVEL < 3000)
    {
      exit(0);
    }
    
    include("compat.inc");
    
    # Metadata registration: this branch runs only when `description` is set,
    # declares the plugin's attributes and exits before any host data is read.
    if (description) {
      # Plugin identity and revision stamps.
      script_id(74373);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      # One SAT patch is mapped to 33 CVEs, so a finding from this plugin does
      # not single out any one of them.
      script_cve_id(
        "CVE-2013-4316", "CVE-2013-5860", "CVE-2013-5881", "CVE-2013-5882",
        "CVE-2013-5891", "CVE-2013-5894", "CVE-2013-5908", "CVE-2014-0001",
        "CVE-2014-0384", "CVE-2014-0386", "CVE-2014-0393", "CVE-2014-0401",
        "CVE-2014-0402", "CVE-2014-0412", "CVE-2014-0420", "CVE-2014-0427",
        "CVE-2014-0430", "CVE-2014-0431", "CVE-2014-0433", "CVE-2014-0437",
        "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432",
        "CVE-2014-2434", "CVE-2014-2435", "CVE-2014-2436", "CVE-2014-2438",
        "CVE-2014-2440", "CVE-2014-2442", "CVE-2014-2444", "CVE-2014-2450",
        "CVE-2014-2451"
      );

      script_name(english:"SuSE 11.3 Security Update : MySQL (SAT Patch Number 9303)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates.");
      # NOTE(review): both Oracle URLs in the text below are split by a line
      # break inside ".html", so they will not work as links in a report.
      script_set_attribute(attribute:"description", value:
    "MySQL was updated to version 5.5.37 to address various security
    issues.
    
    More information is available at
    http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h
    tml#AppendixMSQL and
    http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.h
    tml#AppendixMSQL .");

      # Vendor bug tracker entries.
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=858823");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=861493");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=873896");

      # Per-CVE vendor pages, in the same order as the script_cve_id() list.
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4316.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5860.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5881.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5882.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5891.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5894.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-5908.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0001.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0384.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0386.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0393.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0401.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0402.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0412.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0420.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0427.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0430.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0431.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0433.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0437.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2419.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2430.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2431.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2432.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2434.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2435.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2436.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2438.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2440.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2442.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2444.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2450.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-2451.html");

      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9303.");
      # CVSS v2 base: network vector, low complexity, no authentication,
      # complete C/I/A. One vector is given for the whole 33-CVE bundle;
      # presumably it reflects the highest-rated entry - confirm per CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

      # Declared as a local check covering MySQL client libraries, server,
      # client and tools packages on SUSE Linux 11.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/07");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      # The verdict is computed from KB entries (local-check flag, cpu,
      # release, rpm list), not from talking to the database service.
      # presumably ssh_get_info.nasl is what fills those keys - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions, evaluated in order. Each audit() call names the reason the
    # plugin cannot give a verdict (audit() is expected to end the run).
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # Only release strings beginning with SLED11 or SLES11 are in scope.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11")
    {
      audit(AUDIT_OS_NOT, "SuSE 11");
    }
    if (!get_kb_item("Host/SuSE/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: i386 through i686, x86_64 or s390x.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu)
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    }

    # The package list below applies to patch level 3 only; any other level,
    # or a missing value, is audited out as "not SuSE 11.3".
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3)
    {
      audit(AUDIT_OS_NOT, "SuSE 11.3");
    }
    
    
    # Count every package test that reports a hit. Two reference versions are
    # used: 5.5.37-0.7.1 for the 5.5 packages and 5.0.96-0.6.11 for the
    # libmysqlclient15 / libmysqlclient_r15 libraries.
    # NOTE(review): this is a package-version comparison only; it says nothing
    # about whether the server is running or how it is configured.
    flag = 0;

    # SLED 11 SP3, i586.
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client18-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client_r18-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient15-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient_r15-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-client-5.5.37-0.7.1"))
      flag++;

    # SLED 11 SP3, x86_64 (native and 32-bit compatibility libraries).
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-32bit-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-32bit-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-client-5.5.37-0.7.1"))
      flag++;

    # SLES 11 SP3, no cpu argument given.
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysql55client18-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysql55client_r18-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysqlclient15-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libmysqlclient_r15-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-client-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mysql-tools-5.5.37-0.7.1"))
      flag++;

    # SLES 11 SP3, 32-bit compatibility libraries on s390x and x86_64.
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysql55client18-32bit-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysqlclient15-32bit-5.0.96-0.6.11"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.37-0.7.1"))
      flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.11"))
      flag++;

    if (!flag)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # Reported through security_hole(); package details are attached only
      # when report verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-102.NASL
    descriptionMultiple vulnerabilities have been discovered and corrected in mariadb : Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML (CVE-2014-0384). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition (CVE-2014-2419). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema (CVE-2014-2430). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options (CVE-2014-2431). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated (CVE-2014-2432). Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR (CVE-2014-2436). Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication (CVE-2014-2438). Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-2440). The updated packages have been upgraded to the 5.5.37 version which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74080
    published2014-05-19
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74080
    titleMandriva Linux Security Advisory : mariadb (MDVSA-2014:102)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:102. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Metadata registration: this branch runs only when `description` is set,
    # declares the plugin's attributes and exits before any host data is read.
    if (description) {
      # Plugin identity and revision stamps.
      script_id(74080);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/02 13:32:56");

      # One advisory is mapped to eight CVEs, so a finding from this plugin
      # does not single out any one of them.
      script_cve_id(
        "CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431",
        "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440"
      );
      script_bugtraq_id(66835, 66846, 66850, 66858, 66875, 66880, 66890, 66896);
      script_xref(name:"MDVSA", value:"2014:102");

      script_name(english:"Mandriva Linux Security Advisory : mariadb (MDVSA-2014:102)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:
    "The remote Mandriva Linux host is missing one or more security
    updates.");
      # Advisory text, one paragraph per CVE. Every entry is "unspecified";
      # the only detail given is the affected subcomponent (for CVE-2014-2436
      # that is "RBR", presumably row-based replication - confirm upstream).
      script_set_attribute(attribute:"description", value:
    "Multiple vulnerabilities has been discovered and corrected in 
    mariadb :
    
    Unspecified vulnerability in the MySQL Server component in Oracle
    MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote
    authenticated users to affect availability via vectors related to XML
    (CVE-2014-0384).
    
    Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier
    and 5.6.15 and earlier allows remote authenticated users to affect
    availability via unknown vectors related to Partition (CVE-2014-2419).
    
    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
    and 5.6.16 and earlier allows remote authenticated users to affect
    availability via unknown vectors related to Performance Schema
    (CVE-2014-2430).
    
    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
    and 5.6.16 and earlier allows remote attackers to affect availability
    via unknown vectors related to Options (CVE-2014-2431).
    
    Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and
    earlier and 5.6.15 and earlier allows remote authenticated users to
    affect availability via unknown vectors related to Federated
    (CVE-2014-2432).
    
    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
    and 5.6.16 and earlier allows remote authenticated users to affect
    confidentiality, integrity, and availability via vectors related to
    RBR (CVE-2014-2436).
    
    Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier
    and 5.6.15 and earlier allows remote authenticated users to affect
    availability via unknown vectors related to Replication
    (CVE-2014-2438).
    
    Unspecified vulnerability in the MySQL Client component in Oracle
    MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote
    attackers to affect confidentiality, integrity, and availability via
    unknown vectors (CVE-2014-2440).
    
    The updated packages have been upgraded to the 5.5.37 version which is
    not vulnerable to these issues.");
      # http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ef1fc2a6");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-5537-changelog/");
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");

      # CVSS v2 base: network vector, medium complexity, single authentication,
      # partial confidentiality/integrity/availability impact.
      # Temporal: exploitability not defined, official fix, confirmed report.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      # Declared as a local check covering the mariadb package set on
      # Mandriva Business Server 1.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-feedback");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-obsolete");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-MariaDB");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/19");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      # The verdict is computed from KB entries (local-check flag, cpu,
      # release, rpm list), not from talking to the database service.
      # presumably ssh_get_info.nasl is what fills those keys - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
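    # Preconditions for the Mandriva local check. The visible code reads every
    # value from the scan knowledge base (KB); the description block requires
    # these keys and names ssh_get_info.nasl as the dependency. A missing key
    # stops the check with a specific audit reason rather than a finding, so a
    # host that could not be inspected is not reported as patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS label in this audit message was misspelled "Mandake"; it now matches
    # the spelling used by the architecture audit further down.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: the anchored pattern accepts exactly amd64, i386-i686
    # and x86_64; any other value is audited as "local checks not implemented".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);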
    
    
    # Compare each MariaDB package with the 5.5.37-1.mbs1 reference build.
    # rpm_check() comes from rpm.inc (not shown); presumably it returns true
    # when the installed package is older than the reference - confirm there.
    # NOTE(review): every reference pins cpu:"x86_64" although the architecture
    # gate earlier in this script also admits i[3-6]86; verify how rpm_check()
    # treats a host whose cpu does not match before relying on a clean result.
    fixed_build = "-5.5.37-1.mbs1";
    mbs1_packages = make_list(
      "lib64mariadb-devel",
      "lib64mariadb-embedded-devel",
      "lib64mariadb-embedded18",
      "lib64mariadb18",
      "mariadb",
      "mariadb-bench",
      "mariadb-client",
      "mariadb-common",
      "mariadb-common-core",
      "mariadb-core",
      "mariadb-extra",
      "mariadb-feedback",
      "mariadb-obsolete",
      "mysql-MariaDB"
    );

    # flag counts how many package comparisons came back true.
    flag = 0;
    foreach pkg_name (mbs1_packages)
    {
      if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:pkg_name + fixed_build)) flag++;
    }

    # No hit: audit the host as not affected. Otherwise raise a warning-level
    # finding on port 0, attaching the rpm report when verbosity allows it.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5369.NASL
    descriptionUpdate to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-29
    plugin id73747
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73747
    titleFedora 20 : community-mysql-5.5.37-1.fc20 (2014-5369)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-5369.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only declares its
    # metadata and exits before any host data is examined.
    if (description)
    {
      # Plugin identity and revision tracking.
      script_id(73747);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      # CVE identifiers covered by this update, plus the Fedora advisory id.
      script_cve_id(
        "CVE-2014-0384",
        "CVE-2014-2419",
        "CVE-2014-2430",
        "CVE-2014-2431",
        "CVE-2014-2432",
        "CVE-2014-2436",
        "CVE-2014-2438",
        "CVE-2014-2440"
      );
      script_xref(name:"FEDORA", value:"2014-5369");

      script_name(english:"Fedora 20 : community-mysql-5.5.37-1.fc20 (2014-5369)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
      # The description text is the advisory wording and is kept verbatim,
      # line breaks included.
      script_set_attribute(attribute:"description", value:
    "Update to MySQL 5.5.37, for various fixes described at
    http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");

      # References: upstream release notes, then the Red Hat Bugzilla entries.
      script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088133");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088134");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088143");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088146");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088179");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088190");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088191");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088197");
      # Short link for the package-announce post:
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/132255.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?57919536");

      script_set_attribute(attribute:"solution", value:"Update the affected community-mysql package.");
      # NOTE(review): this base vector uses AC:M, while the CVE-2014-2436 record
      # at the top of this page lists attack complexity LOW - confirm which
      # rating should drive triage for the CVEs bundled here.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");

      # Declared as a local check for one package on Fedora 20.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/29");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      # KB keys that must already exist, and the script named as their source.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions for the Fedora 20 check. All inputs come from the scan
    # knowledge base; each failed precondition is audited with its own reason
    # instead of being reported as a clean host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # The release string must mention Fedora ...
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");

    # ... and carry a numeric major version, captured by the first group.
    release_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(release_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = release_match[1];

    # Only major version 20 is in scope; the pattern requires "20" followed by
    # a non-digit or the end of the string.
    if (!ereg(pattern:"^20([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: accept a cpu string containing "x86_64" or one that is
    # exactly i386-i686; anything else is audited as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Single package comparison against the community-mysql 5.5.37-1.fc20 build.
    # rpm_check() comes from rpm.inc (not shown); presumably it returns true
    # when the installed package is older than the reference - confirm there.
    flag = 0;
    if (rpm_check(release:"FC20", reference:"community-mysql-5.5.37-1.fc20"))
      flag++;

    if (!flag)
    {
      # No hit: the audit reason depends on whether pkg_tests_get() returns
      # anything - "not affected" when it does, "not installed" when it does not.
      tested = pkg_tests_get();
      if (!tested) audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
      else audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    }
    else
    {
      # Hit: raise a warning-level finding on port 0, attaching the rpm report
      # when verbosity allows it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-6120.NASL
    descriptionThis is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Initial build Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-05-19
    plugin id74046
    published2014-05-19
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74046
    titleFedora 20 : mariadb-galera-5.5.37-2.fc20 (2014-6120)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5396.NASL
    descriptionUpdate to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-29
    plugin id73749
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73749
    titleFedora 19 : community-mysql-5.5.37-1.fc19 (2014-5396)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5393.NASL
    descriptionThis is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-29
    plugin id73748
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73748
    titleFedora 20 : mariadb-5.5.37-1.fc20 (2014-5393)
  • NASL familyDatabases
    NASL idMYSQL_5_5_37.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.5.x prior to 5.5.37. It is, therefore, potentially affected by an error in file
    last seen2020-06-01
    modified2020-06-02
    plugin id73318
    published2014-04-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73318
    titleMySQL 5.5.x < 5.5.37 MySQL Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0702.NASL
    descriptionFrom Red Hat Security Advisory 2014:0702 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MariaDB to version 5.5.37. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id76735
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76735
    titleOracle Linux 7 : mariadb (ELSA-2014-0702)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-091.NASL
    descriptionThis update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally, the jemalloc packages are being provided, as they were previously provided with the mariadb source code, built and used, but removed from the mariadb source code since 5.5.40.
    last seen2020-06-01
    modified2020-06-02
    plugin id82344
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82344
    titleMandriva Linux Security Advisory : mariadb (MDVSA-2015:091)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2919.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-03-17
    modified2014-05-05
    plugin id73855
    published2014-05-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73855
    titleDebian DSA-2919-1 : mysql-5.5 - security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0536.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id74141
    published2014-05-23
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74141
    titleCentOS 5 : mysql55-mysql (CESA-2014:0536)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0537.NASL
    descriptionThe remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0537.
    last seen2020-06-01
    modified2020-06-02
    plugin id74142
    published2014-05-23
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74142
    titleCentOS 6 : Moderate: / mysql55-mysql (CESA-2014:0537)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201409-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201409-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id77548
    published2014-09-05
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77548
    titleGLSA-201409-04 : MySQL: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140522_MYSQL55_MYSQL_ON_SL5_X.NASL
    descriptionThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2014-05-25
    plugin id74172
    published2014-05-25
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74172
    titleScientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20140522)
  • NASL familyDatabases
    NASL idMARIADB_5_5_37.NASL
    descriptionThe version of MariaDB 5.5 running on the remote host is a version prior to 5.5.37. It is, therefore, potentially affected by vulnerabilities due to errors related to the following components : - Client - Options - Performance Schema - RBR
    last seen2020-06-01
    modified2020-06-02
    plugin id79826
    published2014-12-09
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79826
    titleMariaDB 5.5 < 5.5.37 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0536.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id74144
    published2014-05-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74144
    titleRHEL 5 : mysql55-mysql (RHSA-2014:0536)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5409.NASL
    descriptionThis is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-29
    plugin id73750
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73750
    titleFedora 19 : mariadb-5.5.37-1.fc19 (2014-5409)
  • NASL familyDatabases
    NASL idMYSQL_5_6_17.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.6.x prior to 5.6.17. It is, therefore, potentially affected by vulnerabilities in the following components : - Client - InnoDB - Options - Performance Schema - RBR
    last seen2020-06-01
    modified2020-06-02
    plugin id73574
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73574
    titleMySQL 5.6.x < 5.6.17 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0536.NASL
    descriptionFrom Red Hat Security Advisory 2014:0536 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id74143
    published2014-05-23
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74143
    titleOracle Linux 5 : mysql55-mysql (ELSA-2014-0536)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2170-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.37. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html Additionally, Matthias Reichl discovered that the mysql-5.5 packages were missing the patches applied previously in the mysql-5.1 packages to drop the default test database and localhost permissions granting access to any databases starting with
    last seen2020-06-01
    modified2020-06-02
    plugin id73680
    published2014-04-24
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73680
    titleUbuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2170-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-329.NASL
    descriptionThis update fixes numerous unspecified (by upstream) vulnerabilities in the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier.
    last seen2020-06-01
    modified2020-06-02
    plugin id78272
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78272
    titleAmazon Linux AMI : mysql55 (ALAS-2014-329)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0702.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438) These updated packages upgrade MariaDB to version 5.5.37. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id76897
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76897
    titleRHEL 7 : mariadb (RHSA-2014:0702)

Redhat

advisories
  • rhsa
    idRHSA-2014:0522
  • rhsa
    idRHSA-2014:0536
  • rhsa
    idRHSA-2014:0537
  • rhsa
    idRHSA-2014:0702
rpms
  • mariadb55-mariadb-0:5.5.37-1.3.el6
  • mariadb55-mariadb-bench-0:5.5.37-1.3.el6
  • mariadb55-mariadb-debuginfo-0:5.5.37-1.3.el6
  • mariadb55-mariadb-devel-0:5.5.37-1.3.el6
  • mariadb55-mariadb-libs-0:5.5.37-1.3.el6
  • mariadb55-mariadb-server-0:5.5.37-1.3.el6
  • mariadb55-mariadb-test-0:5.5.37-1.3.el6
  • mysql55-mysql-0:5.5.37-1.el5
  • mysql55-mysql-bench-0:5.5.37-1.el5
  • mysql55-mysql-debuginfo-0:5.5.37-1.el5
  • mysql55-mysql-devel-0:5.5.37-1.el5
  • mysql55-mysql-libs-0:5.5.37-1.el5
  • mysql55-mysql-server-0:5.5.37-1.el5
  • mysql55-mysql-test-0:5.5.37-1.el5
  • mysql55-mysql-0:5.5.37-1.2.el6
  • mysql55-mysql-bench-0:5.5.37-1.2.el6
  • mysql55-mysql-debuginfo-0:5.5.37-1.2.el6
  • mysql55-mysql-devel-0:5.5.37-1.2.el6
  • mysql55-mysql-libs-0:5.5.37-1.2.el6
  • mysql55-mysql-server-0:5.5.37-1.2.el6
  • mysql55-mysql-test-0:5.5.37-1.2.el6
  • mariadb-1:5.5.37-1.el7_0
  • mariadb-bench-1:5.5.37-1.el7_0
  • mariadb-debuginfo-1:5.5.37-1.el7_0
  • mariadb-devel-1:5.5.37-1.el7_0
  • mariadb-embedded-1:5.5.37-1.el7_0
  • mariadb-embedded-devel-1:5.5.37-1.el7_0
  • mariadb-libs-1:5.5.37-1.el7_0
  • mariadb-server-1:5.5.37-1.el7_0
  • mariadb-test-1:5.5.37-1.el7_0