Vulnerabilities > CVE-2014-4240 - Unspecified vulnerability in Oracle Mysql

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
nessus
NVD
Published: 2014-07-17
Updated: 2024-11-21

Summary

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.

Vulnerable Configurations

Part Description Count
Application
Oracle
494

Nessus

  • NASL familyDatabases
    NASL idMYSQL_5_6_19.NASL
    descriptionThe version of MySQL 5.6.x installed on the remote host is prior to 5.6.19. It is, therefore, affected by vulnerabilities in the following components : - SRCHAR - SRFTS - SRINFOSC - SROPTZR - SRREP - SRREP - SRSP
    last seen2020-06-01
    modified2020-06-02
    plugin id76530
    published2014-07-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76530
    titleMySQL 5.6.x < 5.6.19 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76530);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2014-2484",
    "CVE-2014-4214",
    "CVE-2014-4233",
    "CVE-2014-4238",
    "CVE-2014-4240",
    "CVE-2014-4258",
    "CVE-2014-4260"
  );
  script_bugtraq_id(
    68560,
    68564,
    68573,
    68587,
    68598,
    68602,
    68607
  );

  script_name(english:"MySQL 5.6.x < 5.6.19 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL 5.6.x installed on the remote host is prior to
5.6.19.  It is, therefore, affected by vulnerabilities in the following
components :

  - SRCHAR
  - SRFTS
  - SRINFOSC
  - SROPTZR
  - SRREP
  - SRREP
  - SRSP");
  # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77697fb1");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-19.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL 5.6.19 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/16");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(fixed:'5.6.19', min:'5.6', severity:SECURITY_WARNING);
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-140819.NASL
    descriptionThis MySQL update provides the following : - upgrade to version 5.5.39, [bnc#887580] - CVE
    last seen2020-06-05
    modified2014-08-29
    plugin id77434
    published2014-08-29
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77434
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(77434);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-2484", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4214", "CVE-2014-4233", "CVE-2014-4238", "CVE-2014-4240", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260");

  script_name(english:"SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This MySQL update provides the following :

  - upgrade to version 5.5.39, [bnc#887580]

  - CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 /
    CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 /
    CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 /
    CVE-2014-4214 / CVE-2014-4243) See also:
    http://www.oracle.com/technetwork/topics/security/cpujul
    2014-1972956.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=887580"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-2484.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-2494.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4207.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4214.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4233.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4238.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4240.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4243.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4258.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4260.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9624.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysql55client_r18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libmysqlclient_r15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mysql-client-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-32bit-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-32bit-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mysql-client-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"libmysql55client18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"libmysql55client_r18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"libmysqlclient15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"libmysqlclient_r15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"mysql-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"mysql-client-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"mysql-tools-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysql55client18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysql55client18-32bit-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysql55client_r18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libmysqlclient_r15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"mysql-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"mysql-client-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"mysql-tools-5.5.39-0.7.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-140820.NASL
    descriptionThis MySQL update provides the following : - upgrade to version 5.5.39, [bnc#887580] - CVE
    last seen2020-06-05
    modified2014-08-29
    plugin id77435
    published2014-08-29
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77435
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(77435);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-2484", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4214", "CVE-2014-4233", "CVE-2014-4238", "CVE-2014-4240", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260");

  script_name(english:"SuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This MySQL update provides the following :

  - upgrade to version 5.5.39, [bnc#887580]

  - CVE's fixed: (CVE-2014-2484 / CVE-2014-4258 /
    CVE-2014-4260 / CVE-2014-2494 / CVE-2014-4238 /
    CVE-2014-4207 / CVE-2014-4233 / CVE-2014-4240 /
    CVE-2014-4214 / CVE-2014-4243) See also:
    http://www.oracle.com/technetwork/topics/security/cpujul
    2014-1972956.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=887580"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-2484.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-2494.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4207.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4214.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4233.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4238.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4240.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4243.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4258.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-4260.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9624.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client18-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysql55client_r18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient15-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mysql-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysql55client18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysql55client18-32bit-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysql55client_r18-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysqlclient15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysqlclient15-32bit-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libmysqlclient_r15-5.0.96-0.6.13")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"mysql-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"mysql-client-5.5.39-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"mysql-tools-5.5.39-0.7.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References