Vulnerabilities > CVE-2015-3152 - Improper Certificate Validation vulnerability in multiple products

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

Vulnerable Configurations

Part Description Count
Application
Oracle
536
Application
Mariadb
36
Application
Php
252
OS
Fedoraproject
2
OS
Debian
1
OS
Redhat
17

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1079.NASL
    descriptionThe Perl library for communicating with MySQL database, used in the
    last seen2020-03-17
    modified2017-09-01
    plugin id102887
    published2017-09-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102887
    titleDebian DLA-1079-1 : libdbd-mysql-perl security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1079-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102887);
      script_version("3.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-10788", "CVE-2017-10789");
    
      script_name(english:"Debian DLA-1079-1 : libdbd-mysql-perl security update");
      script_summary(english:"Checks dpkg output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Perl library for communicating with MySQL database, used in the
    'mysql' commandline client is vulnerable to a man in the middle attack
    in SSL configurations and remote crash when connecting to hostile
    servers.
    
    CVE-2017-10788
    
    The DBD::mysql module through 4.042 for Perl allows remote attackers
    to cause a denial of service (use-after-free and application crash) or
    possibly have unspecified other impact by triggering (1) certain error
    responses from a MySQL server or (2) a loss of a network connection to
    a MySQL server. The use-after-free defect was introduced by relying on
    incorrect Oracle mysql_stmt_close documentation and code examples.
    
    CVE-2017-10789
    
    The DBD::mysql module through 4.042 for Perl uses the mysql_ssl=1
    setting to mean that SSL is optional (even though this setting's
    documentation has a 'your communication with the server will be
    encrypted' statement), which allows man-in-the-middle attackers to
    spoof servers via a cleartext-downgrade attack, a related issue to
    CVE-2015-3152.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    4.021-1+deb7u3.
    
    We recommend that you upgrade your libdbd-mysql-perl packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/08/msg00033.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/libdbd-mysql-perl"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade the affected libdbd-mysql-perl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdbd-mysql-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libdbd-mysql-perl", reference:"4.021-1+deb7u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCGI abuses
    NASL idPHP_5_4_43.NASL
    descriptionAccording to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.43. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as
    last seen2020-06-01
    modified2020-06-02
    plugin id84671
    published2015-07-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84671
    titlePHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84671);
      script_version("1.17");
      script_cvs_date("Date: 2019/03/27 13:17:50");
    
      script_cve_id(
        "CVE-2015-3152",
        "CVE-2015-5589",
        "CVE-2015-5590",
        "CVE-2015-8838"
      );
      script_bugtraq_id(
        74398,
        75970,
        75974,
        88763
      );
    
      script_name(english:"PHP 5.4.x < 5.4.43 Multiple Vulnerabilities (BACKRONYM)");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server uses a version of PHP that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP 5.4.x running on the
    remote web server is prior to 5.4.43. It is, therefore, affected by
    multiple vulnerabilities :
    
      - A security feature bypass vulnerability, known as
        'BACKRONYM', exists due to a failure to properly enforce
        the requirement of an SSL/TLS connection when the --ssl
        client option is used. A man-in-the-middle attacker can
        exploit this flaw to coerce the client to downgrade to
        an unencrypted connection, allowing the attacker to
        disclose data from the database or manipulate database
        queries. (CVE-2015-3152)
    
      - A flaw in the phar_convert_to_other function in
        ext/phar/phar_object.c could allow a remote attacker
        to cause a denial of service. (CVE-2015-5589)
    
      - A Stack-based buffer overflow in the phar_fix_filepath
        function in ext/phar/phar.c could allow a remote attacker
        to cause a denial of service. (CVE-2015-5590)
    
      - A flaw exists in the PHP Connector/C component due to a
        failure to properly enforce the requirement of an
        SSL/TLS connection when the --ssl client option is used.
        A man-in-the-middle attacker can exploit this to
        downgrade the connection to plain HTTP when HTTPS is
        expected. (CVE-2015-8838)
        
      - An unspecified flaw exists in the
        phar_convert_to_other() function in phar_object.c during
        the conversion of invalid TAR files. An attacker can
        exploit this flaw to crash a PHP application, resulting
        in a denial of service condition.
    
      - A flaw exists in the parse_ini_file() and
        parse_ini_string() functions due to improper handling of
        strings that contain a line feed followed by an escape
        character. An attacker can exploit this to crash a PHP
        application, resulting in a denial of service condition.
    
      - A user-after-free error exists in the object_custom()
        function in var_unserializer.c due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to dereference already freed memory,
        potentially resulting in the execution of arbitrary
        code.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.43");
      script_set_attribute(attribute:"see_also", value:"http://backronym.fail/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 5.4.43 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5589");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/10");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port);
    
    if (version =~ "^5\.4\.([0-9]|[1-3][0-9]|4[0-2])($|[^0-9])")
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 5.4.43' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2340.NASL
    descriptionAccording to the version of the perl-DBD-MySQL package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting
    last seen2020-06-01
    modified2020-06-02
    plugin id131505
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131505
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : perl-DBD-MySQL (EulerOS-SA-2019-2340)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131505);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/10");
    
      script_cve_id(
        "CVE-2017-10789"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : perl-DBD-MySQL (EulerOS-SA-2019-2340)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the perl-DBD-MySQL package installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerability :
    
      - The DBD::mysql module through 4.043 for Perl uses the
        mysql_ssl=1 setting to mean that SSL is optional (even
        though this setting's documentation has a 'your
        communication with the server will be encrypted'
        statement), which allows man-in-the-middle attackers to
        spoof servers via a cleartext-downgrade attack, a
        related issue to CVE-2015-3152.(CVE-2017-10789)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2340
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?53a701d6");
      script_set_attribute(attribute:"solution", value:
    "Update the affected perl-DBD-MySQL package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-DBD-MySQL");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["perl-DBD-MySQL-4.046-4.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-MySQL");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1273-1.NASL
    descriptionThis update fixes the following security issues : - Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789] - CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663] - CVE-2014-8964: heap buffer overflow [bnc#906574] - CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960] - CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961] - CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015) - CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015) - CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015) - CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) - CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015) - CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) - CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84913
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84913
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1273-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84913);
      script_version("2.18");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2014-8964", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0499", "CVE-2015-0501", "CVE-2015-0505", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2568", "CVE-2015-2571", "CVE-2015-2573", "CVE-2015-3152");
      script_bugtraq_id(71206, 74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115, 74398, 75174, 75175);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issues :
    
      - Logjam attack: mysql uses 512 bit dh groups in SSL
        [bnc#934789]
    
      - CVE-2015-3152: mysql --ssl does not enforce SSL
        [bnc#924663]
    
      - CVE-2014-8964: heap buffer overflow [bnc#906574]
    
      - CVE-2015-2325: heap buffer overflow in compile_branch()
        [bnc#924960]
    
      - CVE-2015-2326: heap buffer overflow in pcre_compile2()
        [bnc#924961]
    
      - CVE-2015-0501: unspecified vulnerability related to
        Server:Compiling (CPU April 2015)
    
      - CVE-2015-2571: unspecified vulnerability related to
        Server:Optimizer (CPU April 2015)
    
      - CVE-2015-0505: unspecified vulnerability related to
        Server:DDL (CPU April 2015)
    
      - CVE-2015-0499: unspecified vulnerability related to
        Server:Federated (CPU April 2015)
    
      - CVE-2015-2568: unspecified vulnerability related to
        Server:Security:Privileges (CPU April 2015)
    
      - CVE-2015-2573: unspecified vulnerability related to
        Server:DDL (CPU April 2015)
    
      - CVE-2015-0433: unspecified vulnerability related to
        Server:InnoDB:DML (CPU April 2015)
    
      - CVE-2015-0441: unspecified vulnerability related to
        Server:Security:Encryption (CPU April 2015)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=906574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=919053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=919062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=920865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=920896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=921333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-8964/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0433/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0441/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0499/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0501/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-0505/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2325/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2326/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2568/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2571/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2573/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3152/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151273-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?eb0c49d8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12 :
    
    zypper in -t patch SUSE-SLE-WE-12-2015-332=1
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-332=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2015-332=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient_r18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-errormessages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/22");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debugsource-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-errormessages-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient_r18-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-client-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-client-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-debuginfo-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-debugsource-10.0.20-18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mariadb-errormessages-10.0.20-18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
    }
    
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL16845.NASL
    descriptionAn unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.7.2 and earlier allows an attacker to downgrade MySQL SSL/TLS connections, snoop database queries and results, or directly manipulate database contents. (CVE-2015-3152) Impact Although the BIG-IP system includes the vulnerable components, in a standard configuration, the vulnerability is not exposed. The MySQL Client could be used to initiate connections from the BIG-IP CLI, to a remote database, using SSL/TLS. The built-in BIG-IP MySQL monitor does not support SSL/TLS. However, a custom External Application Verification (EAV) monitor could be written to use MySQL with SSL/TLS. In a standard/default configuration, the BIG-IP system is not vulnerable. Note : Enterprise Manager does not support the configuration of EAV monitors.
    last seen2020-06-01
    modified2020-06-02
    plugin id111708
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111708
    titleF5 Networks BIG-IP : MySQL vulnerability (K16845) (BACKRONYM)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_36BD352D299B11E586FF14DAE9D210B8.NASL
    descriptionDuo Security reports : Researchers have identified a serious vulnerability in some versions of Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id84696
    published2015-07-14
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84696
    titleFreeBSD : mysql -- SSL Downgrade (36bd352d-299b-11e5-86ff-14dae9d210b8) (BACKRONYM)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-584.NASL
    descriptionPHP process crashes when processing an invalid file with the
    last seen2020-06-01
    modified2020-06-02
    plugin id85457
    published2015-08-18
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85457
    titleAmazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1554.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.(CVE-2016-0643) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.(CVE-2016-0608) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.(CVE-2016-0644) - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.(CVE-2014-6507) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.(CVE-2016-0646) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.(CVE-2016-0600) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.(CVE-2016-0597) - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.(CVE-2014-0001) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.(CVE-2016-0648) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.(CVE-2016-0596) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.(CVE-2016-0616) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.(CVE-2016-0649) - It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the
    last seen2020-06-01
    modified2020-06-02
    plugin id125007
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125007
    titleEulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3311.NASL
    descriptionSeveral issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10017-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10018-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10019-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10020-release- notes/
    last seen2020-06-01
    modified2020-06-02
    plugin id84839
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84839
    titleDebian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1638-1.NASL
    descriptionThis update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93161
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93161
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1449-1.NASL
    descriptionThis update for perl-DBD-mysql fixes the following issues : - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting
    last seen2020-06-01
    modified2020-06-02
    plugin id110187
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110187
    titleSUSE SLES11 Security Update : perl-DBD-mysql (SUSE-SU-2018:1449-1) (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-889.NASL
    descriptionMySQL was updated to 5.6.27 to fix security issues and bugs. The following vulnerabilities were fixed as part of the upstream release [boo#951391]: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913 Details on these and other changes can be found at: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html The following security relevant changes are included additionally : - CVE-2015-3152: MySQL lacked SSL enforcement. Using --ssl-verify-server-cert and --ssl[-*] implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [boo#924663], [boo#928962]
    last seen2020-06-05
    modified2015-12-17
    plugin id87442
    published2015-12-17
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87442
    titleopenSUSE Security Update : mysql (openSUSE-2015-889) (BACKRONYM)
  • NASL familyCGI abuses
    NASL idPHP_5_6_11.NASL
    descriptionAccording to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.11. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as
    last seen2020-06-01
    modified2020-06-02
    plugin id84673
    published2015-07-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84673
    titlePHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)
  • NASL familyFirewalls
    NASL idPFSENSE_SA-15_07.NASL
    descriptionAccording to its self-reported version number, the remote pfSense install is prior to 2.2.4. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
    last seen2020-06-01
    modified2020-06-02
    plugin id106496
    published2018-01-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106496
    titlepfSense < 2.2.4 Multiple Vulnerabilities (SA-15_07)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-10849.NASL
    descriptionThis is an update to most recent version 10.0.20, that also fixes CVE-2015-3152. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-07-06
    plugin id84521
    published2015-07-06
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84521
    titleFedora 22 : mariadb-10.0.20-1.fc22 (2015-10849) (BACKRONYM)
  • NASL familyDatabases
    NASL idMARIADB_10_0_20.NASL
    descriptionThe version of MariaDB running on the remote host is 10.0.x prior to 10.0.20. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the GIS component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2582) - An unspecified flaw exists in the Security: Privileges component that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2015-2620) - An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2643) - An unspecified flaw exists in the DML component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-2648) - A security feature bypass vulnerability, known as
    last seen2020-06-01
    modified2020-06-02
    plugin id84796
    published2015-07-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84796
    titleMariaDB 10.0.x < 10.0.20 Multiple Vulnerabilities (BACKRONYM)
  • NASL familyDatabases
    NASL idMYSQL_5_7_3.NASL
    descriptionThe remote host has a version of the MySQL client library installed that is 5.1.x, 5.5.x, 5.6.x, or 5.7.x prior to 5.7.3. It is, therefore, affected by a security feature bypass vulnerability known as
    last seen2020-06-01
    modified2020-06-02
    plugin id83347
    published2015-05-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83347
    titleMySQL 5.1.x < 5.7.3 SSL/TLS Downgrade MitM (BACKRONYM)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150824_MARIADB_ON_SL7_X.NASL
    descriptionIt was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the
    last seen2020-03-18
    modified2015-08-25
    plugin id85622
    published2015-08-25
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85622
    titleScientific Linux Security Update : mariadb on SL7.x x86_64 (20150824) (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1450-1.NASL
    descriptionThis update for perl-DBD-mysql fixes the following issues : - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting
    last seen2020-06-01
    modified2020-06-02
    plugin id110188
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110188
    titleSUSE SLES12 Security Update : perl-DBD-mysql (SUSE-SU-2018:1450-1) (BACKRONYM)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-198-02.NASL
    descriptionNew php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84830
    published2015-07-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84830
    titleSlackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-583.NASL
    descriptionPHP process crashes when processing an invalid file with the
    last seen2020-06-01
    modified2020-06-02
    plugin id85456
    published2015-08-18
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85456
    titleAmazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)
  • NASL familyCGI abuses
    NASL idPHP_5_5_27.NASL
    descriptionAccording to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.27. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as
    last seen2020-06-01
    modified2020-06-02
    plugin id84672
    published2015-07-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84672
    titlePHP 5.5.x < 5.5.27 Multiple Vulnerabilities (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-479.NASL
    descriptionMariaDB was updated to its current minor version, fixing bugs and security issues. These updates include a fix for Logjam (CVE-2015-4000), making MariaDB work with client software that no longer allows short DH groups over SSL, as e.g. our current openssl packages. On openSUSE 13.1, MariaDB was updated to 5.5.44. On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20. Please read the release notes of MariaDB https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/ for more information.
    last seen2020-06-05
    modified2015-07-13
    plugin id84658
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84658
    titleopenSUSE Security Update : MariaDB (openSUSE-2015-479) (BACKRONYM) (Logjam)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-585.NASL
    descriptionPHP process crashes when processing an invalid file with the
    last seen2020-06-01
    modified2020-06-02
    plugin id85458
    published2015-08-18
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85458
    titleAmazon Linux AMI : php56 (ALAS-2015-585) (BACKRONYM)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1665.NASL
    descriptionFrom Red Hat Security Advisory 2015:1665 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the
    last seen2020-06-01
    modified2020-06-02
    plugin id85612
    published2015-08-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85612
    titleOracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1788-1.NASL
    descriptionMySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the
    last seen2020-06-01
    modified2020-06-02
    plugin id86537
    published2015-10-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86537
    titleSUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:1788-1) (BACKRONYM)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-10831.NASL
    descriptionThis is an update to most recent version 10.0.20, that also fixes CVE-2015-3152. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-07-14
    plugin id84680
    published2015-07-14
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84680
    titleFedora 21 : mariadb-10.0.20-1.fc21 (2015-10831) (BACKRONYM)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1665.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the
    last seen2020-06-01
    modified2020-06-02
    plugin id85616
    published2015-08-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85616
    titleRHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-539.NASL
    descriptionThis update for perl-DBD-mysql fixes the following issues : - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting
    last seen2020-06-05
    modified2018-05-30
    plugin id110214
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110214
    titleopenSUSE Security Update : perl-DBD-mysql (openSUSE-2018-539) (BACKRONYM)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1665.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the
    last seen2020-06-01
    modified2020-06-02
    plugin id85635
    published2015-08-26
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85635
    titleCentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)

Redhat

advisories
  • rhsa
    idRHSA-2015:1646
  • rhsa
    idRHSA-2015:1647
  • rhsa
    idRHSA-2015:1665
rpms
  • rh-mariadb100-mariadb-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-bench-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-bench-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-common-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-common-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-config-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-config-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-debuginfo-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-debuginfo-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-devel-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-devel-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-errmsg-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-errmsg-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-server-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-server-1:10.0.20-1.el7
  • rh-mariadb100-mariadb-test-1:10.0.20-1.el6
  • rh-mariadb100-mariadb-test-1:10.0.20-1.el7
  • mariadb55-mariadb-0:5.5.44-1.el6
  • mariadb55-mariadb-0:5.5.44-1.el7
  • mariadb55-mariadb-bench-0:5.5.44-1.el6
  • mariadb55-mariadb-bench-0:5.5.44-1.el7
  • mariadb55-mariadb-debuginfo-0:5.5.44-1.el6
  • mariadb55-mariadb-debuginfo-0:5.5.44-1.el7
  • mariadb55-mariadb-devel-0:5.5.44-1.el6
  • mariadb55-mariadb-devel-0:5.5.44-1.el7
  • mariadb55-mariadb-libs-0:5.5.44-1.el6
  • mariadb55-mariadb-libs-0:5.5.44-1.el7
  • mariadb55-mariadb-server-0:5.5.44-1.el6
  • mariadb55-mariadb-server-0:5.5.44-1.el7
  • mariadb55-mariadb-test-0:5.5.44-1.el6
  • mariadb55-mariadb-test-0:5.5.44-1.el7
  • mariadb-1:5.5.44-1.ael7b_1
  • mariadb-1:5.5.44-1.el7_1
  • mariadb-bench-1:5.5.44-1.ael7b_1
  • mariadb-bench-1:5.5.44-1.el7_1
  • mariadb-debuginfo-1:5.5.44-1.ael7b_1
  • mariadb-debuginfo-1:5.5.44-1.el7_1
  • mariadb-devel-1:5.5.44-1.ael7b_1
  • mariadb-devel-1:5.5.44-1.el7_1
  • mariadb-embedded-1:5.5.44-1.ael7b_1
  • mariadb-embedded-1:5.5.44-1.el7_1
  • mariadb-embedded-devel-1:5.5.44-1.ael7b_1
  • mariadb-embedded-devel-1:5.5.44-1.el7_1
  • mariadb-libs-1:5.5.44-1.ael7b_1
  • mariadb-libs-1:5.5.44-1.el7_1
  • mariadb-server-1:5.5.44-1.ael7b_1
  • mariadb-server-1:5.5.44-1.el7_1
  • mariadb-test-1:5.5.44-1.ael7b_1
  • mariadb-test-1:5.5.44-1.el7_1

References