Vulnerabilities > CVE-2015-3152 - Improper Certificate Validation vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Creating a Rogue Certificate Authority Certificate An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1079.NASL description The Perl library for communicating with MySQL database, used in the last seen 2020-03-17 modified 2017-09-01 plugin id 102887 published 2017-09-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102887 title Debian DLA-1079-1 : libdbd-mysql-perl security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1079-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(102887); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2017-10788", "CVE-2017-10789"); script_name(english:"Debian DLA-1079-1 : libdbd-mysql-perl security update"); script_summary(english:"Checks dpkg output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "The Perl library for communicating with MySQL database, used in the 'mysql' commandline client is vulnerable to a man in the middle attack in SSL configurations and remote crash when connecting to hostile servers. CVE-2017-10788 The DBD::mysql module through 4.042 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. CVE-2017-10789 The DBD::mysql module through 4.042 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a 'your communication with the server will be encrypted' statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. For Debian 7 'Wheezy', these problems have been fixed in version 4.021-1+deb7u3. We recommend that you upgrade your libdbd-mysql-perl packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/08/msg00033.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/libdbd-mysql-perl" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected libdbd-mysql-perl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdbd-mysql-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libdbd-mysql-perl", reference:"4.021-1+deb7u3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CGI abuses NASL id PHP_5_4_43.NASL description According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.43. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as last seen 2020-06-01 modified 2020-06-02 plugin id 84671 published 2015-07-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84671 title PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84671); script_version("1.17"); script_cvs_date("Date: 2019/03/27 13:17:50"); script_cve_id( "CVE-2015-3152", "CVE-2015-5589", "CVE-2015-5590", "CVE-2015-8838" ); script_bugtraq_id( 74398, 75970, 75974, 88763 ); script_name(english:"PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM)"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.43. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as 'BACKRONYM', exists due to a failure to properly enforce the requirement of an SSL/TLS connection when the --ssl client option is used. A man-in-the-middle attacker can exploit this flaw to coerce the client to downgrade to an unencrypted connection, allowing the attacker to disclose data from the database or manipulate database queries. (CVE-2015-3152) - A flaw in the phar_convert_to_other function in ext/phar/phar_object.c could allow a remote attacker to cause a denial of service. (CVE-2015-5589) - A Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c could allow a remote attacker to cause a denial of service. (CVE-2015-5590) - A flaw exists in the PHP Connector/C component due to a failure to properly enforce the requirement of an SSL/TLS connection when the --ssl client option is used. A man-in-the-middle attacker can exploit this to downgrade the connection to plain HTTP when HTTPS is expected. (CVE-2015-8838) - An unspecified flaw exists in the phar_convert_to_other() function in phar_object.c during the conversion of invalid TAR files. An attacker can exploit this flaw to crash a PHP application, resulting in a denial of service condition. - A flaw exists in the parse_ini_file() and parse_ini_string() functions due to improper handling of strings that contain a line feed followed by an escape character. An attacker can exploit this to crash a PHP application, resulting in a denial of service condition. - A user-after-free error exists in the object_custom() function in var_unserializer.c due to improper validation of user-supplied input. A remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.43"); script_set_attribute(attribute:"see_also", value:"http://backronym.fail/"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 5.4.43 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5589"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/10"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_set_attribute(attribute:"in_the_news", value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); # Check that it is the correct version of PHP if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version); if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port); if (version =~ "^5\.4\.([0-9]|[1-3][0-9]|4[0-2])($|[^0-9])") { if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 5.4.43' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2340.NASL description According to the version of the perl-DBD-MySQL package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting last seen 2020-06-01 modified 2020-06-02 plugin id 131505 published 2019-12-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131505 title EulerOS Virtualization for ARM 64 3.0.3.0 : perl-DBD-MySQL (EulerOS-SA-2019-2340) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131505); script_version("1.2"); script_cvs_date("Date: 2019/12/10"); script_cve_id( "CVE-2017-10789" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : perl-DBD-MySQL (EulerOS-SA-2019-2340)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the perl-DBD-MySQL package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a 'your communication with the server will be encrypted' statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.(CVE-2017-10789) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2340 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?53a701d6"); script_set_attribute(attribute:"solution", value: "Update the affected perl-DBD-MySQL package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-DBD-MySQL"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["perl-DBD-MySQL-4.046-4.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-MySQL"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1273-1.NASL description This update fixes the following security issues : - Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789] - CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663] - CVE-2014-8964: heap buffer overflow [bnc#906574] - CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960] - CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961] - CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015) - CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015) - CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015) - CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) - CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) - CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84913 published 2015-07-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84913 title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:1273-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(84913); script_version("2.18"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2014-8964", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0499", "CVE-2015-0501", "CVE-2015-0505", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2568", "CVE-2015-2571", "CVE-2015-2573", "CVE-2015-3152"); script_bugtraq_id(71206, 74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115, 74398, 75174, 75175); script_name(english:"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following security issues : - Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789] - CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663] - CVE-2014-8964: heap buffer overflow [bnc#906574] - CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960] - CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961] - CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015) - CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015) - CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015) - CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) - CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) - CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=906574" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=919053" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=919062" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920865" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=921333" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924663" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924960" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924961" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=934789" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936407" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936408" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936409" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8964/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0433/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0441/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0499/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0501/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0505/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2325/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2326/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2568/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2571/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2573/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3152/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20151273-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?eb0c49d8" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 12 : zypper in -t patch SUSE-SLE-WE-12-2015-332=1 SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2015-332=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2015-332=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient_r18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-errormessages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/22"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debugsource-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-errormessages-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient_r18-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-client-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-client-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-debuginfo-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-debugsource-10.0.20-18.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-errormessages-10.0.20-18.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb"); }NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL16845.NASL description An unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.7.2 and earlier allows an attacker to downgrade MySQL SSL/TLS connections, snoop database queries and results, or directly manipulate database contents. (CVE-2015-3152) Impact Although the BIG-IP system includes the vulnerable components, in a standard configuration, the vulnerability is not exposed. The MySQL Client could be used to initiate connections from the BIG-IP CLI, to a remote database, using SSL/TLS. The built-in BIG-IP MySQL monitor does not support SSL/TLS. However, a custom External Application Verification (EAV) monitor could be written to use MySQL with SSL/TLS. In a standard/default configuration, the BIG-IP system is not vulnerable. Note : Enterprise Manager does not support the configuration of EAV monitors. last seen 2020-06-01 modified 2020-06-02 plugin id 111708 published 2018-08-15 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111708 title F5 Networks BIG-IP : MySQL vulnerability (K16845) (BACKRONYM) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_36BD352D299B11E586FF14DAE9D210B8.NASL description Duo Security reports : Researchers have identified a serious vulnerability in some versions of Oracle last seen 2020-06-01 modified 2020-06-02 plugin id 84696 published 2015-07-14 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84696 title FreeBSD : mysql -- SSL Downgrade (36bd352d-299b-11e5-86ff-14dae9d210b8) (BACKRONYM) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-584.NASL description PHP process crashes when processing an invalid file with the last seen 2020-06-01 modified 2020-06-02 plugin id 85457 published 2015-08-18 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85457 title Amazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1554.NASL description According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.(CVE-2016-0643) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.(CVE-2016-0608) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.(CVE-2016-0644) - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.(CVE-2014-6507) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.(CVE-2016-0646) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.(CVE-2016-0600) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.(CVE-2016-0597) - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.(CVE-2014-0001) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.(CVE-2016-0648) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.(CVE-2016-0596) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.(CVE-2016-0616) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.(CVE-2016-0649) - It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-06-01 modified 2020-06-02 plugin id 125007 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125007 title EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3311.NASL description Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10017-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10018-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10019-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10020-release- notes/ last seen 2020-06-01 modified 2020-06-02 plugin id 84839 published 2015-07-20 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84839 title Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1638-1.NASL description This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don last seen 2020-06-01 modified 2020-06-02 plugin id 93161 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93161 title SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1449-1.NASL description This update for perl-DBD-mysql fixes the following issues : - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting last seen 2020-06-01 modified 2020-06-02 plugin id 110187 published 2018-05-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110187 title SUSE SLES11 Security Update : perl-DBD-mysql (SUSE-SU-2018:1449-1) (BACKRONYM) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-889.NASL description MySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 Details on these and other changes can be found at: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html The following security relevant changes are included additionally : - CVE-2015-3152: MySQL lacked SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [boo#924663], [boo#928962] last seen 2020-06-05 modified 2015-12-17 plugin id 87442 published 2015-12-17 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87442 title openSUSE Security Update : mysql (openSUSE-2015-889) (BACKRONYM) NASL family CGI abuses NASL id PHP_5_6_11.NASL description According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.11. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as last seen 2020-06-01 modified 2020-06-02 plugin id 84673 published 2015-07-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84673 title PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM) NASL family Firewalls NASL id PFSENSE_SA-15_07.NASL description According to its self-reported version number, the remote pfSense install is prior to 2.2.4. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories. last seen 2020-06-01 modified 2020-06-02 plugin id 106496 published 2018-01-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106496 title pfSense < 2.2.4 Multiple Vulnerabilities (SA-15_07) NASL family Fedora Local Security Checks NASL id FEDORA_2015-10849.NASL description This is an update to most recent version 10.0.20, that also fixes CVE-2015-3152. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-06 plugin id 84521 published 2015-07-06 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84521 title Fedora 22 : mariadb-10.0.20-1.fc22 (2015-10849) (BACKRONYM) NASL family Databases NASL id MARIADB_10_0_20.NASL description The version of MariaDB running on the remote host is 10.0.x prior to 10.0.20. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the GIS component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2582) - An unspecified flaw exists in the Security: Privileges component that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2015-2620) - An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2643) - An unspecified flaw exists in the DML component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2648) - A security feature bypass vulnerability, known as last seen 2020-06-01 modified 2020-06-02 plugin id 84796 published 2015-07-16 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84796 title MariaDB 10.0.x < 10.0.20 Multiple Vulnerabilities (BACKRONYM) NASL family Databases NASL id MYSQL_5_7_3.NASL description The remote host has a version of the MySQL client library installed that is 5.1.x, 5.5.x, 5.6.x, or 5.7.x prior to 5.7.3. It is, therefore, affected by a security feature bypass vulnerability known as last seen 2020-06-01 modified 2020-06-02 plugin id 83347 published 2015-05-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83347 title MySQL 5.1.x < 5.7.3 SSL/TLS Downgrade MitM (BACKRONYM) NASL family Scientific Linux Local Security Checks NASL id SL_20150824_MARIADB_ON_SL7_X.NASL description It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-03-18 modified 2015-08-25 plugin id 85622 published 2015-08-25 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85622 title Scientific Linux Security Update : mariadb on SL7.x x86_64 (20150824) (BACKRONYM) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1450-1.NASL description This update for perl-DBD-mysql fixes the following issues : - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting last seen 2020-06-01 modified 2020-06-02 plugin id 110188 published 2018-05-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110188 title SUSE SLES12 Security Update : perl-DBD-mysql (SUSE-SU-2018:1450-1) (BACKRONYM) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2015-198-02.NASL description New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84830 published 2015-07-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84830 title Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-583.NASL description PHP process crashes when processing an invalid file with the last seen 2020-06-01 modified 2020-06-02 plugin id 85456 published 2015-08-18 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85456 title Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM) NASL family CGI abuses NASL id PHP_5_5_27.NASL description According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.27. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as last seen 2020-06-01 modified 2020-06-02 plugin id 84672 published 2015-07-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84672 title PHP 5.5.x < 5.5.27 Multiple Vulnerabilities (BACKRONYM) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-479.NASL description MariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information. last seen 2020-06-05 modified 2015-07-13 plugin id 84658 published 2015-07-13 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84658 title openSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-585.NASL description PHP process crashes when processing an invalid file with the last seen 2020-06-01 modified 2020-06-02 plugin id 85458 published 2015-08-18 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85458 title Amazon Linux AMI : php56 (ALAS-2015-585) (BACKRONYM) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1665.NASL description From Red Hat Security Advisory 2015:1665 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-06-01 modified 2020-06-02 plugin id 85612 published 2015-08-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85612 title Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1788-1.NASL description MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the last seen 2020-06-01 modified 2020-06-02 plugin id 86537 published 2015-10-22 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86537 title SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:1788-1) (BACKRONYM) NASL family Fedora Local Security Checks NASL id FEDORA_2015-10831.NASL description This is an update to most recent version 10.0.20, that also fixes CVE-2015-3152. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-14 plugin id 84680 published 2015-07-14 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84680 title Fedora 21 : mariadb-10.0.20-1.fc21 (2015-10831) (BACKRONYM) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1665.NASL description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-06-01 modified 2020-06-02 plugin id 85616 published 2015-08-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85616 title RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-539.NASL description This update for perl-DBD-mysql fixes the following issues : - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting last seen 2020-06-05 modified 2018-05-30 plugin id 110214 published 2018-05-30 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110214 title openSUSE Security Update : perl-DBD-mysql (openSUSE-2018-539) (BACKRONYM) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1665.NASL description Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the last seen 2020-06-01 modified 2020-06-02 plugin id 85635 published 2015-08-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85635 title CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- http://www.ocert.org/advisories/ocert-2015-003.html
- https://jira.mariadb.org/browse/MDEV-7937
- https://www.duosecurity.com/blog/backronym-mysql-vulnerability
- https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
- http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/
- http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/
- https://access.redhat.com/security/cve/cve-2015-3152
- http://www.securitytracker.com/id/1032216
- http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html
- http://www.securityfocus.com/bid/74398
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
- http://www.debian.org/security/2015/dsa-3311
- http://rhn.redhat.com/errata/RHSA-2015-1665.html
- http://rhn.redhat.com/errata/RHSA-2015-1647.html
- http://rhn.redhat.com/errata/RHSA-2015-1646.html
- http://www.securityfocus.com/archive/1/535397/100/1100/threaded