Vulnerabilities > CVE-2015-8949 - Use After Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3635.NASL description Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql (application crash), or potentially to execute arbitrary code with the privileges of the user running the application. last seen 2020-06-01 modified 2020-06-02 plugin id 92643 published 2016-08-01 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92643 title Debian DSA-3635-1 : libdbd-mysql-perl - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3635. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(92643); script_version("2.8"); script_cvs_date("Date: 2018/11/10 11:49:37"); script_cve_id("CVE-2014-9906", "CVE-2015-8949"); script_xref(name:"DSA", value:"3635"); script_name(english:"Debian DSA-3635-1 : libdbd-mysql-perl - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql (application crash), or potentially to execute arbitrary code with the privileges of the user running the application." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/libdbd-mysql-perl" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2016/dsa-3635" ); script_set_attribute( attribute:"solution", value: "Upgrade the libdbd-mysql-perl packages. For the stable distribution (jessie), these problems have been fixed in version 4.028-2+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdbd-mysql-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libdbd-mysql-perl", reference:"4.028-2+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3103-1.NASL description It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9906) Hanno Bock discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8949) Pali Rohar discovered that DBD::mysql incorrectly handled certain user supplied data. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1246). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 94069 published 2016-10-14 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94069 title Ubuntu 12.04 LTS / 14.04 LTS : libdbd-mysql-perl vulnerabilities (USN-3103-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3103-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(94069); script_version("2.6"); script_cvs_date("Date: 2019/09/18 12:31:46"); script_cve_id("CVE-2014-9906", "CVE-2015-8949", "CVE-2016-1246"); script_xref(name:"USN", value:"3103-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS : libdbd-mysql-perl vulnerabilities (USN-3103-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9906) Hanno Bock discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8949) Pali Rohar discovered that DBD::mysql incorrectly handled certain user supplied data. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1246). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3103-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libdbd-mysql-perl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbd-mysql-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2016/10/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libdbd-mysql-perl", pkgver:"4.020-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libdbd-mysql-perl", pkgver:"4.025-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libdbd-mysql-perl"); }NASL family Fedora Local Security Checks NASL id FEDORA_2016-BB0B94F8DB.NASL description Security fix for perl-DBD-MySQL Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-08-12 plugin id 92883 published 2016-08-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92883 title Fedora 23 : perl-DBD-MySQL (2016-bb0b94f8db) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-bb0b94f8db. # include("compat.inc"); if (description) { script_id(92883); script_version("2.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-8949"); script_xref(name:"FEDORA", value:"2016-bb0b94f8db"); script_name(english:"Fedora 23 : perl-DBD-MySQL (2016-bb0b94f8db)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for perl-DBD-MySQL Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb0b94f8db" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-DBD-MySQL package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-DBD-MySQL"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC23", reference:"perl-DBD-MySQL-4.033-2.fc23")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-MySQL"); }NASL family Fedora Local Security Checks NASL id FEDORA_2016-4274C906E7.NASL description Security fix for perl-DBD-MySQL Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-08-05 plugin id 92733 published 2016-08-05 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92733 title Fedora 24 : perl-DBD-MySQL (2016-4274c906e7) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-4274c906e7. # include("compat.inc"); if (description) { script_id(92733); script_version("2.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-8949"); script_xref(name:"FEDORA", value:"2016-4274c906e7"); script_name(english:"Fedora 24 : perl-DBD-MySQL (2016-4274c906e7)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for perl-DBD-MySQL Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-4274c906e7" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-DBD-MySQL package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-DBD-MySQL"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC24", reference:"perl-DBD-MySQL-4.035-1.fc24")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-MySQL"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-51.NASL description The remote host is affected by the vulnerability described in GLSA-201701-51 (DBD::mysql: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in DBD::mysql. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition, execute arbitrary code, or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96686 published 2017-01-23 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96686 title GLSA-201701-51 : DBD::mysql: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201701-51. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(96686); script_version("$Revision: 3.1 $"); script_cvs_date("$Date: 2017/01/23 15:32:05 $"); script_cve_id("CVE-2015-8949", "CVE-2016-1246", "CVE-2016-1249", "CVE-2016-1251"); script_xref(name:"GLSA", value:"201701-51"); script_name(english:"GLSA-201701-51 : DBD::mysql: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201701-51 (DBD::mysql: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in DBD::mysql. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a Denial of Service condition, execute arbitrary code, or have other unspecified impacts. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201701-51" ); script_set_attribute( attribute:"solution", value: "All DBD::mysql users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-perl/DBD-mysql-4.41.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:DBD-mysql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-perl/DBD-mysql", unaffected:make_list("ge 4.41.0"), vulnerable:make_list("lt 4.41.0"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "DBD::mysql"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-576.NASL description Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial of service against an application using DBD::mysql (application crash), or potentially to execute arbitrary code with the privileges of the user running the application. For Debian 7 last seen 2020-03-17 modified 2016-08-01 plugin id 92639 published 2016-08-01 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/92639 title Debian DLA-576-1 : libdbd-mysql-perl security update
References
- https://blog.fuzzing-project.org/50-Use-after-free-in-my_login-function-of-DBDmysql-Perl-module.html
- http://www.openwall.com/lists/oss-security/2016/07/25/13
- https://github.com/perl5-dbi/DBD-mysql/pull/45
- http://www.openwall.com/lists/oss-security/2016/07/27/1
- http://www.debian.org/security/2016/dsa-3635
- https://github.com/perl5-dbi/DBD-mysql/blob/4.033_01/Changes
- https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
- http://www.securityfocus.com/bid/92118
- https://security.gentoo.org/glsa/201701-51