Vulnerabilities > CVE-2014-6494

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.

Vulnerable Configurations

Part Description Count
OS
Oracle
1
OS
Suse
4
Application
Mariadb
29
Application
Juniper
33
Application
Oracle
63

Nessus

  • NASL familyDatabases
    NASL idMARIADB_10_0_15.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10015-release-notes advisory. These include the following: - An unspecified vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id129355
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129355
    titleMariaDB 10.0.0 < 10.0.15 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129355);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/31 15:18:51");
    
      script_cve_id(
        "CVE-2014-6464",
        "CVE-2014-6469",
        "CVE-2014-6491",
        "CVE-2014-6494",
        "CVE-2014-6496",
        "CVE-2014-6500",
        "CVE-2014-6507",
        "CVE-2014-6555",
        "CVE-2014-6559"
      );
      script_bugtraq_id(
        70444,
        70446,
        70451,
        70469,
        70478,
        70487,
        70497,
        70530,
        70550
      );
    
      script_name(english:"MariaDB 10.0.0 < 10.0.15 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of MariaDB.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "The version of MariaDB installed on the remote host is prior to 10.0.15. It is, therefore, affected by multiple
    vulnerabilities as referenced in the mariadb-10015-release-notes advisory. These include the following:
      
      - An unspecified vulnerability in the 'SERVER:OPTIMIZER'
        component. This allows a remote, authenticated attacker
        to affect availability. (CVE-2014-6469)
    
      - Two separate, unspecified vulnerabilities in the
        'SERVER:SSL:yaSSL' component. These allow a remote
        attacker to affect confidentiality, integrity, and 
        availability. (CVE-2014-6491, CVE-2014-6500)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-10015-release-notes");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MariaDB version 10.0.15 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-6500");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/26");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include('mysql_version.inc');
    
    mysql_check_version(variant: 'MariaDB', min:'10.0.0-MariaDB', fixed:make_list('10.0.15-MariaDB'), severity:SECURITY_HOLE);
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-307-01.NASL
    descriptionNew mariadb packages are available for Slackware 14.1 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78829
    published2014-11-04
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78829
    titleSlackware 14.1 / current : mariadb (SSA:2014-307-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2014-307-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78829);
      script_version("1.3");
      script_cvs_date("Date: 2018/12/19 13:21:19");
    
      script_cve_id("CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6491", "CVE-2014-6494", "CVE-2014-6496", "CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6555", "CVE-2014-6559");
      script_bugtraq_id(70444, 70446, 70451, 70469, 70478, 70487, 70497, 70530, 70550);
      script_xref(name:"SSA", value:"2014-307-01");
    
      script_name(english:"Slackware 14.1 / current : mariadb (SSA:2014-307-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New mariadb packages are available for Slackware 14.1 and -current to
    fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.386696
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8a8dff1f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mariadb package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.1", pkgname:"mariadb", pkgver:"5.5.40", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"mariadb", pkgver:"5.5.40", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"mariadb", pkgver:"5.5.40", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"mariadb", pkgver:"5.5.40", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDatabases
    NASL idMYSQL_5_6_21.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.5.x prior to 5.5.40 or 5.6.x prior to 5.6.21. It is, therefore, affected by errors in the following components : - C API SSL CERTIFICATE HANDLING - CLIENT:SSL:yaSSL - SERVER:DML - SERVER:INNODB DML FOREIGN KEYS - SERVER:OPTIMIZER - SERVER:SSL:yaSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id78477
    published2014-10-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78477
    titleMySQL 5.5.x < 5.5.40 / 5.6.x < 5.6.21 Multiple Vulnerabilities (October 2014 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78477);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2014-6464",
        "CVE-2014-6469",
        "CVE-2014-6491",
        "CVE-2014-6494",
        "CVE-2014-6496",
        "CVE-2014-6500",
        "CVE-2014-6507",
        "CVE-2014-6555",
        "CVE-2014-6559"
      );
      script_bugtraq_id(
        70444,
        70446,
        70451,
        70469,
        70478,
        70487,
        70497,
        70530,
        70550
      );
    
      script_name(english:"MySQL 5.5.x < 5.5.40 / 5.6.x < 5.6.21 Multiple Vulnerabilities (October 2014 CPU)");
      script_summary(english:"Checks the version of MySQL server.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL installed on the remote host is version 5.5.x
    prior to 5.5.40 or 5.6.x prior to 5.6.21. It is, therefore, affected
    by errors in the following components :
    
      - C API SSL CERTIFICATE HANDLING
      - CLIENT:SSL:yaSSL
      - SERVER:DML
      - SERVER:INNODB DML FOREIGN KEYS
      - SERVER:OPTIMIZER
      - SERVER:SSL:yaSSL");
      # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5134a40");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MySQL version 5.5.40 / 5.6.21 or later as referenced in the
    Oracle October 2014 Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-6500");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/15");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    
    include("mysql_version.inc");
    mysql_check_version(fixed:make_list('5.5.40', '5.6.21'), severity:SECURITY_HOLE);
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-428.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6491) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data. (CVE-2014-6559) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6500) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2014-6494)
    last seen2020-06-01
    modified2020-06-02
    plugin id78558
    published2014-10-20
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78558
    titleAmazon Linux AMI : mysql55 (ALAS-2014-428)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-428.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78558);
      script_version("1.4");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2014-6491", "CVE-2014-6494", "CVE-2014-6500", "CVE-2014-6559");
      script_xref(name:"ALAS", value:"2014-428");
    
      script_name(english:"Amazon Linux AMI : mysql55 (ALAS-2014-428)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vulnerability in the MySQL Server component of Oracle MySQL
    (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected
    are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable
    vulnerability allows successful unauthenticated network attacks via
    multiple protocols. Successful attack of this vulnerability can result
    in unauthorized takeover of MySQL Server possibly including arbitrary
    code execution within the MySQL Server. (CVE-2014-6491)
    
    Vulnerability in the MySQL Server component of Oracle MySQL
    (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions
    that are affected are 5.5.39 and earlier and 5.6.20 and earlier.
    Difficult to exploit vulnerability allows successful unauthenticated
    network attacks via multiple protocols. Successful attack of this
    vulnerability can result in unauthorized read access to all MySQL
    Server accessible data. (CVE-2014-6559)
    
    Vulnerability in the MySQL Server component of Oracle MySQL
    (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected
    are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable
    vulnerability allows successful unauthenticated network attacks via
    multiple protocols. Successful attack of this vulnerability can result
    in unauthorized takeover of MySQL Server possibly including arbitrary
    code execution within the MySQL Server. (CVE-2014-6500)
    
    Vulnerability in the MySQL Server component of Oracle MySQL
    (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected
    are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit
    vulnerability allows successful unauthenticated network attacks via
    multiple protocols. Successful attack of this vulnerability can result
    in unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of MySQL Server. (CVE-2014-6494)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-428.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update mysql55' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"mysql55-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-bench-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-common-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-debuginfo-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-devel-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-embedded-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-embedded-devel-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-libs-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-server-5.5.40-1.3.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-test-5.5.40-1.3.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql55 / mysql55-bench / mysql55-common / mysql55-debuginfo / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2384-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78505
    published2014-10-16
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78505
    titleUbuntu 12.04 LTS / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2384-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-091.NASL
    descriptionThis update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.
    last seen2020-06-01
    modified2020-06-02
    plugin id82344
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82344
    titleMandriva Linux Security Advisory : mariadb (MDVSA-2015:091)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10698.NASL
    descriptionAccording to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R1. It is, therefore, affected by multiple vulnerabilities : - An error exists within the Apache
    last seen2020-06-01
    modified2020-06-02
    plugin id91778
    published2016-06-23
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91778
    titleJuniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-479.NASL
    descriptionMariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information.
    last seen2020-06-05
    modified2015-07-13
    plugin id84658
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84658
    titleopenSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-150302.NASL
    descriptionThe MySQL datebase server was updated to 5.5.42, fixing various bugs and security issues. More information can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 42.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 41.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 40.html Also various issues with the mysql start script were fixed. (bsc#868673,bsc#878779)
    last seen2020-06-01
    modified2020-06-02
    plugin id82428
    published2015-03-30
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82428
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 10387)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0743-1.NASL
    descriptionmariadb was updated to version 10.0.16 to fix 40 security issues. These security issues were fixed : - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption (bnc#915911). - CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381 (bnc#915911). - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382 (bnc#915911). - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911). - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote authenticated users to affect availability via vectors related to Server : InnoDB : DML (bnc#915911). - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allowed remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key (bnc#915911). - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500 (bnc#915912). - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491 (bnc#915912). - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912). - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (bnc#915912). - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (bnc#915912). - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496 (bnc#915912). - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allowed remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494 (bnc#915912). - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allowed remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (bnc#915912). - CVE-2010-5298: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allowed remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (bnc#873351). - CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly validate fragment lengths in DTLS ClientHello messages, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (bnc#880891). - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not properly manage a buffer pointer during certain recursive calls, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (bnc#876282). - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allowed remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (bnc#915913). - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did not properly restrict processing of ChangeCipherSpec messages, which allowed man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
    last seen2020-06-01
    modified2020-06-02
    plugin id83716
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83716
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3054.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-03-17
    modified2014-10-21
    plugin id78589
    published2014-10-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78589
    titleDebian DSA-3054-1 : mysql-5.5 - security update
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201411-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201411-02 (MySQL, MariaDB: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id78880
    published2014-11-06
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78880
    titleGLSA-201411-02 : MySQL, MariaDB: Multiple vulnerabilities