Vulnerabilities > CVE-2017-10378

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
oracle
mariadb
debian
redhat
netapp
nessus

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Configurations

Part Description Count
Application
Oracle
113
Application
Mariadb
98
Application
Redhat
1
Application
Netapp
20
OS
Debian
2
OS
Redhat
10

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3459-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104120
    published2017-10-24
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104120
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3459-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3459-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104120);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-10155", "CVE-2017-10165", "CVE-2017-10167", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10311", "CVE-2017-10313", "CVE-2017-10314", "CVE-2017-10320", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
      script_xref(name:"USN", value:"3459-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3459-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in MySQL and this update
    includes new upstream MySQL versions to fix these issues.
    
    MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04
    LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20.
    
    In addition to security fixes, the updated packages contain bug fixes,
    new features, and possibly incompatible changes.
    
    Please see the following for more information:
    http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html
    http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html
    http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626
    .html.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3459-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected mysql-server-5.5 and / or mysql-server-5.7
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.04 / 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"mysql-server-5.5", pkgver:"5.5.58-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"mysql-server-5.7", pkgver:"5.7.20-0ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"mysql-server-5.7", pkgver:"5.7.20-0ubuntu0.17.04.1")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"mysql-server-5.7", pkgver:"5.7.20-0ubuntu0.17.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.5 / mysql-server-5.7");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180816_MARIADB_ON_SL7_X.NASL
    descriptionThe following packages have been upgraded to a later upstream version: mariadb (5.5.60). Security Fix(es) : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Bug Fix(es) : - Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation.
    last seen2020-03-18
    modified2018-08-17
    plugin id111806
    published2018-08-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111806
    titleScientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111806);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819");
    
      script_name(english:"Scientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following packages have been upgraded to a later upstream version:
    mariadb (5.5.60).
    
    Security Fix(es) :
    
      - mysql: Client programs unspecified vulnerability (CPU
        Jul 2017) (CVE-2017-3636)
    
      - mysql: Server: DML unspecified vulnerability (CPU Jul
        2017) (CVE-2017-3641)
    
      - mysql: Client mysqldump unspecified vulnerability (CPU
        Jul 2017) (CVE-2017-3651)
    
      - mysql: Server: Replication unspecified vulnerability
        (CPU Oct 2017) (CVE-2017-10268)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Oct 2017) (CVE-2017-10378)
    
      - mysql: Client programs unspecified vulnerability (CPU
        Oct 2017) (CVE-2017-10379)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Oct
        2017) (CVE-2017-10384)
    
      - mysql: Server: Partition unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2562)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Jan
        2018) (CVE-2018-2622)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2640)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2665)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2668)
    
      - mysql: Server: Replication unspecified vulnerability
        (CPU Apr 2018) (CVE-2018-2755)
    
      - mysql: Client programs unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2761)
    
      - mysql: Server: Locking unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2771)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2781)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Apr
        2018) (CVE-2018-2813)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Apr
        2018) (CVE-2018-2817)
    
      - mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
        (CVE-2018-2819)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Jul
        2017) (CVE-2017-3653)
    
      - mysql: use of SSL/TLS not enforced in libmysqld (Return
        of BACKRONYM) (CVE-2018-2767)
    
    Bug Fix(es) :
    
      - Previously, the mysqladmin tool waited for an inadequate
        length of time if the socket it listened on did not
        respond in a specific way. Consequently, when the socket
        was used while the MariaDB server was starting, the
        mariadb service became unresponsive for a long time.
        With this update, the mysqladmin timeout has been
        shortened to 2 seconds. As a result, the mariadb service
        either starts or fails but no longer hangs in the
        described situation."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1808&L=scientific-linux-errata&F=&S=&P=2075
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1b3ca8f6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-bench-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-debuginfo-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-devel-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-embedded-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-embedded-devel-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-libs-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-server-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-test-5.5.60-1.el7_5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc");
    }
    
  • NASL familyDatabases
    NASL idMYSQL_5_7_12.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by multiple vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject
    last seen2020-06-01
    modified2020-06-02
    plugin id90684
    published2016-04-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90684
    titleMySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90684);
      script_version("1.18");
      script_cvs_date("Date: 2019/11/19");
    
      script_cve_id(
        "CVE-2015-3197",
        "CVE-2016-0639",
        "CVE-2016-0642",
        "CVE-2016-0643",
        "CVE-2016-0647",
        "CVE-2016-0648",
        "CVE-2016-0655",
        "CVE-2016-0657",
        "CVE-2016-0659",
        "CVE-2016-0662",
        "CVE-2016-0666",
        "CVE-2016-0667",
        "CVE-2016-0702",
        "CVE-2016-0705",
        "CVE-2016-0797",
        "CVE-2016-0798",
        "CVE-2016-0799",
        "CVE-2016-0800",
        "CVE-2016-2047",
        "CVE-2017-10378"
      );
      script_bugtraq_id(
        81810,
        82237,
        83705,
        83733,
        83754,
        83755,
        83763,
        86418,
        86424,
        86433,
        86445,
        86457,
        86484,
        86486,
        86493,
        86495,
        86506,
        86509,
        101375
      );
      script_xref(name:"CERT", value:"257823");
      script_xref(name:"CERT", value:"583776");
    
      script_name(english:"MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)");
      script_summary(english:"Checks the version of MySQL server.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL running on the remote host is 5.7.x prior to
    5.7.12. It is, therefore, affected by multiple vulnerabilities :
    
      - A cipher algorithm downgrade vulnerability exists in the
        bundled version of OpenSSL due to a flaw that is
        triggered when handling cipher negotiation. A remote
        attacker can exploit this to negotiate SSLv2 ciphers and
        complete SSLv2 handshakes even if all SSLv2 ciphers have
        been disabled on the server. Note that this
        vulnerability only exists if the SSL_OP_NO_SSLv2 option
        has not been disabled. (CVE-2015-3197)
    
      - An unspecified flaw exists in the Pluggable
        Authentication subcomponent that allows an
        unauthenticated, remote attacker to execute arbitrary
        code. (CVE-2016-0639)
    
      - An unspecified flaw exists in the Federated subcomponent
        that allows an authenticated, remote attacker to impact
        integrity and availability. (CVE-2016-0642)
    
      - An unspecified flaw exists in the DML subcomponent that
        allows an authenticated, remote attacker to disclose
        sensitive information. (CVE-2016-0643)
    
      - An unspecified flaw exists in the FTS subcomponent that
        allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-0647)
    
      - An unspecified flaw exists in the PS subcomponent that
        allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-0647)
    
      - An unspecified flaw exists in the InnoDB subcomponent
        that allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-0655)
    
      - An unspecified flaw exists in the JSON subcomponent that
        allows an authenticated, remote attacker to disclose
        sensitive information. (CVE-2016-0657)
    
      - An unspecified flaw exists in the Optimizer subcomponent
        that allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-0659)
    
      - An unspecified flaw exists in the Partition subcomponent
        that allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-0662)
    
      - An unspecified flaw exists in the Security: Privileges
        subcomponent that allows an authenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2016-0666)
    
      - An unspecified flaw exists in the Locking subcomponent
        that allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-0667)
    
      - A key disclosure vulnerability exists in the bundled
        version of OpenSSL due to improper handling of
        cache-bank conflicts on the Intel Sandy-bridge
        microarchitecture. An attacker can exploit this to gain
        access to RSA key information. (CVE-2016-0702)
    
      - A double-free error exists in the bundled version of
        OpenSSL due to improper validation of user-supplied
        input when parsing malformed DSA private keys. A remote
        attacker can exploit this to corrupt memory, resulting
        in a denial of service condition or the execution of
        arbitrary code. (CVE-2016-0705)
    
      - A NULL pointer dereference flaw exists in the bundled
        version of OpenSSL in the BN_hex2bn() and BN_dec2bn()
        functions. A remote attacker can exploit this to trigger
        a heap corruption, resulting in the execution of
        arbitrary code. (CVE-2016-0797)
    
      - A denial of service vulnerability exists in the bundled
        version of OpenSSL due to improper handling of invalid
        usernames. A remote attacker can exploit this, via a
        specially crafted username, to leak 300 bytes of memory
        per connection, exhausting available memory resources.
        (CVE-2016-0798)
    
      - Multiple memory corruption issues exist in the bundled
        version of OpenSSL that allow a remote attacker to cause
        a denial of service condition or the execution of
        arbitrary code. (CVE-2016-0799)
    
      - A flaw exists in the bundled version of OpenSSL that
        allows a cross-protocol Bleichenbacher padding oracle
        attack known as DROWN (Decrypting RSA with Obsolete and
        Weakened eNcryption). This vulnerability exists due to a
        flaw in the Secure Sockets Layer Version 2 (SSLv2)
        implementation, and it allows captured TLS traffic to be
        decrypted. A man-in-the-middle attacker can exploit this
        to decrypt the TLS connection by utilizing previously
        captured traffic and weak cryptography along with a
        series of specially crafted connections to an SSLv2
        server that uses the same private key. (CVE-2016-0800)
    
      - A man-in-the-middle spoofing vulnerability exists due to
        the server hostname not being verified to match a domain
        name in the Subject's Common Name (CN) or SubjectAltName
        field of the X.509 certificate. A man-in-the-middle
        attacker can exploit this, by spoofing the TLS/SSL
        server via a certificate that appears valid, to disclose
        sensitive information or manipulate transmitted data.
        (CVE-2016-2047)
    
      - An unspecified flaw exists in the Optimizer subcomponent
        that allow an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2017-10378)
    
      - A flaw exists related to certificate validation due to
        the server hostname not being verified to match a domain
        name in the X.509 certificate. A man-in-the-middle
        attacker can exploit this, by spoofing the TLS/SSL
        server via a certificate that appears valid, to disclose
        sensitive information or manipulate data.
    
      - An integer overflow condition exists that is triggered
        due to improper validation of user-supplied input when
        processing client handshakes. An authenticated, remote
        attacker can exploit this to cause the server to exit,
        resulting in a denial of service condition.
    
      - An information disclosure vulnerability exists due to
        overly verbose error messages returning part of the SQL
        statement that produced them. An authenticated, remote
        attacker can exploit this to disclose sensitive
        information.
    
      - A flaw exists in InnoDB that is triggered during the
        handling of an ALTER TABLE or ADD COLUMN operation on a
        table with virtual columns. An authenticated, remote
        attacker can exploit this to crash the server, resulting
        in a denial of service condition.");
      # https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ffb7b96f");
      # http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e07fa0e");
      script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2307762.1");
      # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3937099.xml
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e9f2a38");
      script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-12.html");
      script_set_attribute(attribute:"see_also", value:"https://drownattack.com/");
      script_set_attribute(attribute:"see_also", value:"https://www.drownattack.com/drown-attack-paper.pdf");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MySQL version 5.7.12 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0799");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/22");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    
    mysql_check_version(fixed:'5.7.12', min:'5.7', severity:SECURITY_HOLE);
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0034_MARIADB.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected by multiple vulnerabilities: - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3651) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (CVE-2017-3636) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2017-3641) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3653) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2017-10378) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2017-10268) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (CVE-2017-10379) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2017-10384) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (CVE-2018-2755) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2018-2767) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-2562) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2622) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2761) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2771) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2781) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2018-2813) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2817) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2819) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2455) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3133) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127203
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127203
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0034. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127203);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/17 14:31:04");
    
      script_cve_id(
        "CVE-2017-3636",
        "CVE-2017-3641",
        "CVE-2017-3651",
        "CVE-2017-3653",
        "CVE-2017-10268",
        "CVE-2017-10378",
        "CVE-2017-10379",
        "CVE-2017-10384",
        "CVE-2018-2562",
        "CVE-2018-2622",
        "CVE-2018-2640",
        "CVE-2018-2665",
        "CVE-2018-2668",
        "CVE-2018-2755",
        "CVE-2018-2761",
        "CVE-2018-2767",
        "CVE-2018-2771",
        "CVE-2018-2781",
        "CVE-2018-2813",
        "CVE-2018-2817",
        "CVE-2018-2819",
        "CVE-2018-3133",
        "CVE-2019-2455"
      );
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected
    by multiple vulnerabilities:
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Client mysqldump). Supported
        versions that are affected are 5.5.56 and earlier,
        5.6.36 and earlier and 5.7.18 and earlier. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized update, insert or delete
        access to some of MySQL Server accessible data. CVSS 3.0
        Base Score 4.3 (Integrity impacts). CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
        (CVE-2017-3651)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Client programs). Supported
        versions that are affected are 5.5.56 and earlier and
        5.6.36 and earlier. Easily exploitable vulnerability
        allows low privileged attacker with logon to the
        infrastructure where MySQL Server executes to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized update, insert or delete
        access to some of MySQL Server accessible data as well
        as unauthorized read access to a subset of MySQL Server
        accessible data and unauthorized ability to cause a
        partial denial of service (partial DOS) of MySQL Server.
        CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and
        Availability impacts). CVSS Vector:
        (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
        (CVE-2017-3636)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: DML). Supported versions
        that are affected are 5.5.56 and earlier, 5.6.36 and
        earlier and 5.7.18 and earlier. Easily exploitable
        vulnerability allows high privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server. CVSS 3.0 Base Score 4.9 (Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2017-3641)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: DDL). Supported versions
        that are affected are 5.5.56 and earlier, 5.6.36 and
        earlier and 5.7.18 and earlier. Difficult to exploit
        vulnerability allows low privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized update, insert or delete
        access to some of MySQL Server accessible data. CVSS 3.0
        Base Score 3.1 (Integrity impacts). CVSS Vector:
        (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
        (CVE-2017-3653)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Optimizer). Supported
        versions that are affected are 5.5.57 and earlier,
        5.6.37 and earlier and 5.7.11 and earlier. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server. CVSS 3.0 Base Score 6.5 (Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2017-10378)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Replication). Supported
        versions that are affected are 5.5.57 and earlier,
        5.6.37 and earlier and 5.7.19 and earlier. Difficult to
        exploit vulnerability allows high privileged attacker
        with logon to the infrastructure where MySQL Server
        executes to compromise MySQL Server. Successful attacks
        of this vulnerability can result in unauthorized access
        to critical data or complete access to all MySQL Server
        accessible data. CVSS 3.0 Base Score 4.1
        (Confidentiality impacts). CVSS Vector:
        (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
        (CVE-2017-10268)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Client programs). Supported
        versions that are affected are 5.5.57 and earlier,
        5.6.37 and earlier and 5.7.19 and earlier. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized access to critical data or
        complete access to all MySQL Server accessible data.
        CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS
        Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
        (CVE-2017-10379)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: DDL). Supported versions
        that are affected are 5.5.57 and earlier 5.6.37 and
        earlier 5.7.19 and earlier. Easily exploitable
        vulnerability allows low privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server. CVSS 3.0 Base Score 6.5 (Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2017-10384)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Replication). Supported
        versions that are affected are 5.5.59 and prior, 5.6.39
        and prior and 5.7.21 and prior. Difficult to exploit
        vulnerability allows unauthenticated attacker with logon
        to the infrastructure where MySQL Server executes to
        compromise MySQL Server. Successful attacks require
        human interaction from a person other than the attacker
        and while the vulnerability is in MySQL Server, attacks
        may significantly impact additional products. Successful
        attacks of this vulnerability can result in takeover of
        MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality,
        Integrity and Availability impacts). CVSS Vector:
        (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
        (CVE-2018-2755)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Security: Encryption).
        Supported versions that are affected are 5.5.60 and
        prior, 5.6.40 and prior and 5.7.22 and prior. Difficult
        to exploit vulnerability allows low privileged attacker
        with network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized read access to a subset of
        MySQL Server accessible data. CVSS 3.0 Base Score 3.1
        (Confidentiality impacts). CVSS Vector:
        (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
        (CVE-2018-2767)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server : Partition). Supported
        versions that are affected are 5.5.58 and prior, 5.6.38
        and prior and 5.7.19 and prior. Easily exploitable
        vulnerability allows low privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server as well as unauthorized update, insert or delete
        access to some of MySQL Server accessible data. CVSS 3.0
        Base Score 7.1 (Integrity and Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
        (CVE-2018-2562)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: DDL). Supported versions
        that are affected are 5.5.58 and prior, 5.6.38 and prior
        and 5.7.20 and prior. Easily exploitable vulnerability
        allows low privileged attacker with network access via
        multiple protocols to compromise MySQL Server.
        Successful attacks of this vulnerability can result in
        unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of MySQL Server. CVSS
        3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2018-2622)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Optimizer). Supported
        versions that are affected are 5.5.58 and prior, 5.6.38
        and prior and 5.7.20 and prior. Easily exploitable
        vulnerability allows low privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server. CVSS 3.0 Base Score 6.5 (Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Client programs). Supported
        versions that are affected are 5.5.59 and prior, 5.6.39
        and prior and 5.7.21 and prior. Difficult to exploit
        vulnerability allows unauthenticated attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server. CVSS 3.0 Base Score 5.9 (Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2018-2761)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Locking). Supported
        versions that are affected are 5.5.59 and prior, 5.6.39
        and prior and 5.7.21 and prior. Difficult to exploit
        vulnerability allows high privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server. CVSS 3.0 Base Score 4.4 (Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2018-2771)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Optimizer). Supported
        versions that are affected are 5.5.59 and prior, 5.6.39
        and prior and 5.7.21 and prior. Easily exploitable
        vulnerability allows high privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server. CVSS 3.0 Base Score 4.9 (Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2018-2781)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: DDL). Supported versions
        that are affected are 5.5.59 and prior, 5.6.39 and prior
        and 5.7.21 and prior. Easily exploitable vulnerability
        allows low privileged attacker with network access via
        multiple protocols to compromise MySQL Server.
        Successful attacks of this vulnerability can result in
        unauthorized read access to a subset of MySQL Server
        accessible data. CVSS 3.0 Base Score 4.3
        (Confidentiality impacts). CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
        (CVE-2018-2813)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: DDL). Supported versions
        that are affected are 5.5.59 and prior, 5.6.39 and prior
        and 5.7.21 and prior. Easily exploitable vulnerability
        allows low privileged attacker with network access via
        multiple protocols to compromise MySQL Server.
        Successful attacks of this vulnerability can result in
        unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of MySQL Server. CVSS
        3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2018-2817)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: InnoDB). Supported versions that
        are affected are 5.5.59 and prior, 5.6.39 and prior and
        5.7.21 and prior. Easily exploitable vulnerability
        allows low privileged attacker with network access via
        multiple protocols to compromise MySQL Server.
        Successful attacks of this vulnerability can result in
        unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of MySQL Server. CVSS
        3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2018-2819)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Parser). Supported versions
        that are affected are 5.6.42 and prior, 5.7.24 and prior
        and 8.0.13 and prior. Easily exploitable vulnerability
        allows low privileged attacker with network access via
        multiple protocols to compromise MySQL Server.
        Successful attacks of this vulnerability can result in
        unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of MySQL Server. CVSS
        3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2019-2455)
    
      - Vulnerability in the MySQL Server component of Oracle
        MySQL (subcomponent: Server: Parser). Supported versions
        that are affected are 5.5.61 and prior, 5.6.41 and
        prior, 5.7.23 and prior and 8.0.12 and prior. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server. CVSS 3.0 Base Score 6.5 (Availability impacts).
        CVSS Vector:
        (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
        (CVE-2018-3133)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0034");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL mariadb packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2562");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "mariadb-5.5.60-1.el7_5",
        "mariadb-bench-5.5.60-1.el7_5",
        "mariadb-debuginfo-5.5.60-1.el7_5",
        "mariadb-devel-5.5.60-1.el7_5",
        "mariadb-embedded-5.5.60-1.el7_5",
        "mariadb-embedded-devel-5.5.60-1.el7_5",
        "mariadb-libs-5.5.60-1.el7_5",
        "mariadb-server-5.5.60-1.el7_5",
        "mariadb-test-5.5.60-1.el7_5"
      ],
      "CGSL MAIN 5.04": [
        "mariadb-5.5.60-1.el7_5",
        "mariadb-bench-5.5.60-1.el7_5",
        "mariadb-debuginfo-5.5.60-1.el7_5",
        "mariadb-devel-5.5.60-1.el7_5",
        "mariadb-embedded-5.5.60-1.el7_5",
        "mariadb-embedded-devel-5.5.60-1.el7_5",
        "mariadb-libs-5.5.60-1.el7_5",
        "mariadb-server-5.5.60-1.el7_5",
        "mariadb-test-5.5.60-1.el7_5"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1346.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118434
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118434
    titleEulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118434);
      script_version("1.4");
      script_cvs_date("Date: 2019/06/28 11:31:59");
    
      script_cve_id(
        "CVE-2017-10268",
        "CVE-2017-10378",
        "CVE-2017-10379",
        "CVE-2017-10384",
        "CVE-2017-3636",
        "CVE-2017-3641",
        "CVE-2017-3651",
        "CVE-2017-3653",
        "CVE-2018-2622",
        "CVE-2018-2640",
        "CVE-2018-2665",
        "CVE-2018-2668",
        "CVE-2018-2755",
        "CVE-2018-2761",
        "CVE-2018-2767",
        "CVE-2018-2771",
        "CVE-2018-2781",
        "CVE-2018-2813",
        "CVE-2018-2817",
        "CVE-2018-2819"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the mariadb packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - mysql: Client programs unspecified vulnerability (CPU
        Jul 2017) (CVE-2017-3636)
    
      - mysql: Server: DML unspecified vulnerability (CPU Jul
        2017) (CVE-2017-3641)
    
      - mysql: Client mysqldump unspecified vulnerability (CPU
        Jul 2017) (CVE-2017-3651)
    
      - mysql: Server: Replication unspecified vulnerability
        (CPU Oct 2017) (CVE-2017-10268)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Oct 2017) (CVE-2017-10378)
    
      - mysql: Client programs unspecified vulnerability (CPU
        Oct 2017) (CVE-2017-10379)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Oct
        2017) (CVE-2017-10384)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Jan
        2018) (CVE-2018-2622)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2640)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2665)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2668)
    
      - mysql: Server: Replication unspecified vulnerability
        (CPU Apr 2018) (CVE-2018-2755)
    
      - mysql: Client programs unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2761)
    
      - mysql: Server: Locking unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2771)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2781)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Apr
        2018) (CVE-2018-2813)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Apr
        2018) (CVE-2018-2817)
    
      - mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
        (CVE-2018-2819)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Jul
        2017) (CVE-2017-3653)
    
      - mysql: use of SSL/TLS not enforced in libmysqld (Return
        of BACKRONYM) (CVE-2018-2767)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1346
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?58b5058d");
      script_set_attribute(attribute:"solution", value:
    "Update the affected mariadb packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["mariadb-5.5.60-1.h1",
            "mariadb-libs-5.5.60-1.h1",
            "mariadb-server-5.5.60-1.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0044.NASL
    descriptionAn update of [openvswitch,systemd,curl,mariadb,bash] packages for PhotonOS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111893
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111893
    titlePhoton OS 1.0: Bash / Curl / Mariadb / Openvswitch / Systemd PHSA-2017-0044 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0044. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111893);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id(
        "CVE-2016-9401",
        "CVE-2017-10268",
        "CVE-2017-10378",
        "CVE-2017-14970",
        "CVE-2017-15908",
        "CVE-2017-1000254"
      );
    
      script_name(english:"Photon OS 1.0: Bash / Curl / Mariadb / Openvswitch / Systemd PHSA-2017-0044 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [openvswitch,systemd,curl,mariadb,bash] packages for
    PhotonOS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-84
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?185d85d0");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14970");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openvswitch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:systemd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "bash-4.3.48-2.ph1",
      "bash-debuginfo-4.3.48-2.ph1",
      "bash-lang-4.3.48-2.ph1",
      "curl-7.54.0-4.ph1",
      "curl-debuginfo-7.54.0-4.ph1",
      "mariadb-10.2.10-1.ph1",
      "mariadb-debuginfo-10.2.10-1.ph1",
      "mariadb-devel-10.2.10-1.ph1",
      "mariadb-errmsg-10.2.10-1.ph1",
      "mariadb-server-10.2.10-1.ph1",
      "mariadb-server-galera-10.2.10-1.ph1",
      "openvswitch-2.6.1-5.ph1",
      "openvswitch-debuginfo-2.6.1-5.ph1",
      "openvswitch-devel-2.6.1-5.ph1",
      "openvswitch-doc-2.6.1-5.ph1",
      "systemd-228-43.ph1",
      "systemd-debuginfo-228-43.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bash / curl / mariadb / openvswitch / systemd");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-146.NASL
    descriptionThis update for mariadb to version 10.0.33 fixes several issues. These security issues were fixed : - CVE-2017-10378: Vulnerability in subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1064115). - CVE-2017-10268: Vulnerability in subcomponent: Server: Replication. Difficult to exploit vulnerability allowed high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1064101). These non-security issues were fixed : - CHECK TABLE no longer returns an error when run on a CONNECT table -
    last seen2020-06-05
    modified2018-02-08
    plugin id106669
    published2018-02-08
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106669
    titleopenSUSE Security Update : mariadb (openSUSE-2018-146)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-146.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106669);
      script_version("3.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-10268", "CVE-2017-10378");
    
      script_name(english:"openSUSE Security Update : mariadb (openSUSE-2018-146)");
      script_summary(english:"Check for the openSUSE-2018-146 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for mariadb to version 10.0.33 fixes several issues.
    
    These security issues were fixed :
    
      - CVE-2017-10378: Vulnerability in subcomponent: Server:
        Optimizer. Easily exploitable vulnerability allowed low
        privileged attacker with network access via multiple
        protocols to compromise MySQL Server. Successful attacks
        of this vulnerability can result in unauthorized ability
        to cause a hang or frequently repeatable crash (complete
        DOS) of MySQL Server (bsc#1064115).
    
      - CVE-2017-10268: Vulnerability in subcomponent: Server:
        Replication. Difficult to exploit vulnerability allowed
        high privileged attacker with logon to the
        infrastructure where MySQL Server executes to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized access to critical data or
        complete access to all MySQL Server accessible data
        (bsc#1064101).
    
    These non-security issues were fixed :
    
      - CHECK TABLE no longer returns an error when run on a
        CONNECT table
    
      - 'Undo log record is too big.' error occurring in very
        narrow range of string lengths
    
      - Race condition between
        INFORMATION_SCHEMA.INNODB_SYS_TABLESTATS and
        ALTER/DROP/TRUNCATE TABLE
    
      - Wrong result after altering a partitioned table fixed
        bugs in InnoDB FULLTEXT INDEX
    
      - InnoDB FTS duplicate key error
    
      - InnoDB crash after failed ADD INDEX and
        table_definition_cache eviction
    
      - fts_create_doc_id() unnecessarily allocates 8 bytes for
        every inserted row
    
      - IMPORT TABLESPACE may corrupt ROW_FORMAT=REDUNDANT
        tables
    
    For additional details please see
    https://kb.askmonty.org/en/mariadb-10033-changelog
    
    This update was imported from the SUSE:SLE-12-SP1:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076505"
      );
      # https://kb.askmonty.org/en/mariadb-10033-changelog
      script_set_attribute(
        attribute:"see_also",
        value:"https://mariadb.com/kb/en/library/mariadb-10033-changelog/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mariadb packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient_r18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-errormessages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"libmysqlclient-devel-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libmysqlclient18-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libmysqlclient18-debuginfo-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libmysqlclient_r18-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libmysqld-devel-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libmysqld18-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libmysqld18-debuginfo-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-bench-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-bench-debuginfo-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-client-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-client-debuginfo-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-debuginfo-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-debugsource-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-errormessages-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-test-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-test-debuginfo-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-tools-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mariadb-tools-debuginfo-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmysqlclient18-32bit-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-10.0.33-29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-10.0.33-29.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2439.NASL
    descriptionFrom Red Hat Security Advisory 2018:2439 : An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen2020-06-01
    modified2020-06-02
    plugin id111800
    published2018-08-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111800
    titleOracle Linux 7 : mariadb (ELSA-2018-2439)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2018:2439 and 
    # Oracle Linux Security Advisory ELSA-2018-2439 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111800);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/27 13:00:38");
    
      script_cve_id("CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819", "CVE-2018-3133", "CVE-2019-2455");
      script_xref(name:"RHSA", value:"2018:2439");
    
      script_name(english:"Oracle Linux 7 : mariadb (ELSA-2018-2439)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2018:2439 :
    
    An update for mariadb is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    MariaDB is a multi-user, multi-threaded SQL database server that is
    binary compatible with MySQL.
    
    The following packages have been upgraded to a later upstream version:
    mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)
    
    Security Fix(es) :
    
    * mysql: Client programs unspecified vulnerability (CPU Jul 2017)
    (CVE-2017-3636)
    
    * mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
    (CVE-2017-3641)
    
    * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
    (CVE-2017-3651)
    
    * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
    (CVE-2017-10268)
    
    * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
    (CVE-2017-10378)
    
    * mysql: Client programs unspecified vulnerability (CPU Oct 2017)
    (CVE-2017-10379)
    
    * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
    (CVE-2017-10384)
    
    * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
    (CVE-2018-2562)
    
    * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
    (CVE-2018-2622)
    
    * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
    (CVE-2018-2640)
    
    * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
    (CVE-2018-2665)
    
    * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
    (CVE-2018-2668)
    
    * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
    (CVE-2018-2755)
    
    * mysql: Client programs unspecified vulnerability (CPU Apr 2018)
    (CVE-2018-2761)
    
    * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
    (CVE-2018-2771)
    
    * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
    (CVE-2018-2781)
    
    * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
    (CVE-2018-2813)
    
    * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
    (CVE-2018-2817)
    
    * mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
    (CVE-2018-2819)
    
    * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
    (CVE-2017-3653)
    
    * mysql: use of SSL/TLS not enforced in libmysqld (Return of
    BACKRONYM) (CVE-2018-2767)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Bug Fix(es) :
    
    * Previously, the mysqladmin tool waited for an inadequate length of
    time if the socket it listened on did not respond in a specific way.
    Consequently, when the socket was used while the MariaDB server was
    starting, the mariadb service became unresponsive for a long time.
    With this update, the mysqladmin timeout has been shortened to 2
    seconds. As a result, the mariadb service either starts or fails but
    no longer hangs in the described situation. (BZ#1584023)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2018-August/007941.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mariadb packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-bench-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-devel-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-embedded-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-embedded-devel-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-libs-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-server-5.5.60-1.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-test-5.5.60-1.el7_5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0698-1.NASL
    descriptionThis update for mariadb to 10.0.34 fixes several issues. These security issues were fixed : - CVE-2017-10378: Vulnerability in subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) (bsc#1064115). - CVE-2017-10268: Vulnerability in subcomponent: Server: Replication. Difficult to exploit vulnerability allowed high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1064101). - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. - CVE-2018-2622: Vulnerability in the MySQL Server subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2640: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2665: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2668: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2612: Vulnerability in the MySQL Server subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108402
    published2018-03-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108402
    titleSUSE SLES12 Security Update : mariadb (SUSE-SU-2018:0698-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:0698-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108402);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/10 13:51:47");
    
      script_cve_id("CVE-2017-10268", "CVE-2017-10378", "CVE-2018-2562", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668");
    
      script_name(english:"SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:0698-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for mariadb to 10.0.34 fixes several issues. These
    security issues were fixed :
    
      - CVE-2017-10378: Vulnerability in subcomponent: Server:
        Optimizer. Easily exploitable vulnerability allowed low
        privileged attacker with network access via multiple
        protocols to compromise MySQL Server. Successful attacks
        of this vulnerability can result in unauthorized ability
        to cause a hang or frequently repeatable crash (complete
        DOS) (bsc#1064115).
    
      - CVE-2017-10268: Vulnerability in subcomponent: Server:
        Replication. Difficult to exploit vulnerability allowed
        high privileged attacker with logon to the
        infrastructure where MySQL Server executes to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized access to critical data or
        complete access to all MySQL Server accessible data
        (bsc#1064101).
    
      - CVE-2018-2562: Vulnerability in the MySQL Server
        subcomponent: Server : Partition. Easily exploitable
        vulnerability allowed low privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server as well as unauthorized update, insert or delete
        access to some of MySQL Server accessible data.
    
      - CVE-2018-2622: Vulnerability in the MySQL Server
        subcomponent: Server: DDL. Easily exploitable
        vulnerability allowed low privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server.
    
      - CVE-2018-2640: Vulnerability in the MySQL Server
        subcomponent: Server: Optimizer. Successful attacks of
        this vulnerability can result in unauthorized ability to
        cause a hang or frequently repeatable crash (complete
        DOS) of MySQL Server.
    
      - CVE-2018-2665: Vulnerability in the MySQL Server
        subcomponent: Server: Optimizer. Easily exploitable
        vulnerability allowed low privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server.
    
      - CVE-2018-2668: Vulnerability in the MySQL Server
        subcomponent: Server: Optimizer. Easily exploitable
        vulnerability allowed low privileged attacker with
        network access via multiple protocols to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of MySQL
        Server.
    
      - CVE-2018-2612: Vulnerability in the MySQL Server
        subcomponent: InnoDB. Easily exploitable vulnerability
        allowed high privileged attacker with network access via
        multiple protocols to compromise MySQL Server.
        Successful attacks of this vulnerability can result in
        unauthorized creation, deletion or modification access
        to critical data or all MySQL Server accessible data and
        unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of MySQL Server.
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1072665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10268/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10378/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2562/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2612/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2622/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2640/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2665/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-2668/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20180698-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?12e95d3a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2018-477=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient_r18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqld-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqld18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-errormessages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient-devel-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient_r18-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqld-devel-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqld18-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqld18-debuginfo-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-client-debuginfo-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debuginfo-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-debugsource-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-errormessages-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mariadb-tools-debuginfo-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-32bit-10.0.34-20.43.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libmysqlclient18-debuginfo-32bit-10.0.34-20.43.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-306-01.NASL
    descriptionNew mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104362
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104362
    titleSlackware 14.1 / 14.2 / current : mariadb (SSA:2017-306-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2017-306-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104362);
      script_version("$Revision: 3.2 $");
      script_cvs_date("$Date: 2018/01/26 17:57:43 $");
    
      script_cve_id("CVE-2017-10268", "CVE-2017-10378");
      script_xref(name:"SSA", value:"2017-306-01");
    
      script_name(english:"Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-306-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New mariadb packages are available for Slackware 14.1, 14.2, and
    -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.393003
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4ac80b96"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mariadb package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.1", pkgname:"mariadb", pkgver:"5.5.58", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"mariadb", pkgver:"5.5.58", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"mariadb", pkgver:"10.0.33", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"mariadb", pkgver:"10.0.33", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"mariadb", pkgver:"10.2.10", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"mariadb", pkgver:"10.2.10", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-9E28C78E07.NASL
    descriptionA quarter year regular dose of fixed CVE
    last seen2020-06-05
    modified2018-01-15
    plugin id105938
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105938
    titleFedora 27 : community-mysql (2017-9e28c78e07)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-9e28c78e07.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105938);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-10155", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10279", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10314", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
      script_xref(name:"FEDORA", value:"2017-9e28c78e07");
    
      script_name(english:"Fedora 27 : community-mysql (2017-9e28c78e07)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A quarter year regular dose of fixed CVE's.
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html
    
    .
    
    rhbz#1497694 :
    
    Fix owner and perms on log file in post script
    
    CVE fixes: rhbz#1503701
    
    CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276
    CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294
    CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
    
    Others :
    
    Move all test binaries to -test package Dont ship unneeded man pages
    on systemd platforms Remove mysql_config_editor from -devel package,
    shipped in client
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e28c78e07"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected community-mysql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"community-mysql-5.7.20-1.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-50C790AAED.NASL
    descriptionA quarter year regular dose of fixed CVE
    last seen2020-06-05
    modified2017-11-07
    plugin id104416
    published2017-11-07
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104416
    titleFedora 26 : community-mysql (2017-50c790aaed)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-50c790aaed.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104416);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-10155", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10279", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10314", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
      script_xref(name:"FEDORA", value:"2017-50c790aaed");
    
      script_name(english:"Fedora 26 : community-mysql (2017-50c790aaed)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A quarter year regular dose of fixed CVE's.
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html
    
    .
    
    rhbz#1497694 :
    
    Fix owner and perms on log file in post script
    
    CVE fixes: rhbz#1503701
    
    CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276
    CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294
    CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
    
    Others :
    
    Move all test binaries to -test package Dont ship unneeded man pages
    on systemd platforms Remove mysql_config_editor from -devel package,
    shipped in client
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-50c790aaed"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected community-mysql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC26", reference:"community-mysql-5.7.20-1.fc26")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1141.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-03-17
    modified2017-10-20
    plugin id103991
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103991
    titleDebian DLA-1141-1 : mysql-5.5 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1141-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103991);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
    
      script_name(english:"Debian DLA-1141-1 : mysql-5.5 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several issues have been discovered in the MySQL database server. The
    vulnerabilities are addressed by upgrading MySQL to the new upstream
    version 5.5.58, which includes additional changes, such as performance
    improvements, bug fixes, new features, and possibly incompatible
    changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical
    Patch Update advisory for further details :
    
    https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html
    http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626
    .html
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    5.5.58-0+deb7u1.
    
    We recommend that you upgrade your mysql-5.5 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/10/msg00019.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/mysql-5.5"
      );
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?21aeff63"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmysqlclient-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmysqlclient18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmysqld-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmysqld-pic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-client-5.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-server-5.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-server-core-5.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-source-5.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libmysqlclient-dev", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmysqlclient18", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmysqld-dev", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmysqld-pic", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-client", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-client-5.5", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-common", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-server", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-server-5.5", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-server-core-5.5", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-source-5.5", reference:"5.5.58-0+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mysql-testsuite-5.5", reference:"5.5.58-0+deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1337.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118425
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118425
    titleEulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118425);
      script_version("1.4");
      script_cvs_date("Date: 2019/06/28 11:31:59");
    
      script_cve_id(
        "CVE-2017-10268",
        "CVE-2017-10378",
        "CVE-2017-10379",
        "CVE-2017-10384",
        "CVE-2017-3636",
        "CVE-2017-3641",
        "CVE-2017-3651",
        "CVE-2017-3653",
        "CVE-2018-2622",
        "CVE-2018-2640",
        "CVE-2018-2665",
        "CVE-2018-2668",
        "CVE-2018-2755",
        "CVE-2018-2761",
        "CVE-2018-2767",
        "CVE-2018-2771",
        "CVE-2018-2781",
        "CVE-2018-2813",
        "CVE-2018-2817",
        "CVE-2018-2819"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the mariadb packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - mysql: Client programs unspecified vulnerability (CPU
        Jul 2017) (CVE-2017-3636)
    
      - mysql: Server: DML unspecified vulnerability (CPU Jul
        2017) (CVE-2017-3641)
    
      - mysql: Client mysqldump unspecified vulnerability (CPU
        Jul 2017) (CVE-2017-3651)
    
      - mysql: Server: Replication unspecified vulnerability
        (CPU Oct 2017) (CVE-2017-10268)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Oct 2017) (CVE-2017-10378)
    
      - mysql: Client programs unspecified vulnerability (CPU
        Oct 2017) (CVE-2017-10379)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Oct
        2017) (CVE-2017-10384)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Jan
        2018) (CVE-2018-2622)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2640)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2665)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Jan 2018) (CVE-2018-2668)
    
      - mysql: Server: Replication unspecified vulnerability
        (CPU Apr 2018) (CVE-2018-2755)
    
      - mysql: Client programs unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2761)
    
      - mysql: Server: Locking unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2771)
    
      - mysql: Server: Optimizer unspecified vulnerability (CPU
        Apr 2018) (CVE-2018-2781)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Apr
        2018) (CVE-2018-2813)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Apr
        2018) (CVE-2018-2817)
    
      - mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
        (CVE-2018-2819)
    
      - mysql: Server: DDL unspecified vulnerability (CPU Jul
        2017) (CVE-2017-3653)
    
      - mysql: use of SSL/TLS not enforced in libmysqld (Return
        of BACKRONYM) (CVE-2018-2767)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1337
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1739e7a7");
      script_set_attribute(attribute:"solution", value:
    "Update the affected mariadb packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.1");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.1");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["mariadb-5.5.60-1.h1",
            "mariadb-libs-5.5.60-1.h1",
            "mariadb-server-5.5.60-1.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4002.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id103993
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103993
    titleDebian DSA-4002-1 : mysql-5.5 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4002. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103993);
      script_version("3.5");
      script_cvs_date("Date: 2018/11/13 12:30:46");
    
      script_cve_id("CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
      script_xref(name:"DSA", value:"4002");
    
      script_name(english:"Debian DSA-4002-1 : mysql-5.5 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several issues have been discovered in the MySQL database server. The
    vulnerabilities are addressed by upgrading MySQL to the new upstream
    version 5.5.58, which includes additional changes, such as performance
    improvements, bug fixes, new features, and possibly incompatible
    changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical
    Patch Update advisory for further details :
    
      -
        https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5
        -58.html
      -
        http://www.oracle.com/technetwork/security-advisory/cpuo
        ct2017-3236626.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html"
      );
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?21aeff63"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/mysql-5.5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2017/dsa-4002"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mysql-5.5 packages.
    
    For the oldstable distribution (jessie), these problems have been
    fixed in version 5.5.58-0+deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libmysqlclient-dev", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libmysqlclient18", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libmysqld-dev", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libmysqld-pic", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-client", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-client-5.5", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-common", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-server", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-server-5.5", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-server-core-5.5", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-source-5.5", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-testsuite", reference:"5.5.58-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-testsuite-5.5", reference:"5.5.58-0+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0384-1.NASL
    descriptionThis update for mariadb to version 10.0.33 fixes several issues. These security issues were fixed : - CVE-2017-10378: Vulnerability in subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1064115). - CVE-2017-10268: Vulnerability in subcomponent: Server: Replication. Difficult to exploit vulnerability allowed high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1064101). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106673
    published2018-02-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106673
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:0384-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:0384-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106673);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/10 13:51:46");
    
      script_cve_id("CVE-2017-10268", "CVE-2017-10378");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:0384-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for mariadb to version 10.0.33 fixes several issues. These
    security issues were fixed :
    
      - CVE-2017-10378: Vulnerability in subcomponent: Server:
        Optimizer. Easily exploitable vulnerability allowed low
        privileged attacker with network access via multiple
        protocols to compromise MySQL Server. Successful attacks
        of this vulnerability can result in unauthorized ability
        to cause a hang or frequently repeatable crash (complete
        DOS) of MySQL Server (bsc#1064115).
    
      - CVE-2017-10268: Vulnerability in subcomponent: Server:
        Replication. Difficult to exploit vulnerability allowed
        high privileged attacker with logon to the
        infrastructure where MySQL Server executes to compromise
        MySQL Server. Successful attacks of this vulnerability
        can result in unauthorized access to critical data or
        complete access to all MySQL Server accessible data
        (bsc#1064101).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1076505"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10268/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10378/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20180384-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f4980e52"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2018-270=1
    
    SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
    SUSE-SLE-WE-12-SP2-2018-270=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-270=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2018-270=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2018-270=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-270=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2018-270=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-270=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2018-270=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmysqlclient_r18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-errormessages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libmysqlclient18-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libmysqlclient18-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"mariadb-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"mariadb-client-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"mariadb-client-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"mariadb-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"mariadb-debugsource-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"mariadb-errormessages-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"mariadb-tools-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"mariadb-tools-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libmysqlclient18-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libmysqlclient18-debuginfo-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libmysqlclient18-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libmysqlclient18-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"mariadb-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"mariadb-client-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"mariadb-client-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"mariadb-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"mariadb-debugsource-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"mariadb-errormessages-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"mariadb-tools-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"mariadb-tools-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libmysqlclient18-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libmysqlclient18-debuginfo-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmysqlclient18-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmysqlclient18-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmysqlclient_r18-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"mariadb-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"mariadb-client-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"mariadb-client-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"mariadb-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"mariadb-debugsource-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"mariadb-errormessages-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmysqlclient18-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmysqlclient18-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmysqlclient18-debuginfo-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmysqlclient_r18-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmysqlclient_r18-32bit-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mariadb-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mariadb-client-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mariadb-client-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mariadb-debuginfo-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mariadb-debugsource-10.0.33-29.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mariadb-errormessages-10.0.33-29.13.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb");
    }
    
  • NASL familyDatabases
    NASL idMYSQL_5_7_12_RPM.NASL
    descriptionThe version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject
    last seen2020-06-04
    modified2016-05-02
    plugin id90834
    published2016-05-02
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90834
    titleOracle MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (RPM Check) (April 2016 CPU) (July 2016 CPU) (October 2017 CPU) (DROWN)
  • NASL familyDatabases
    NASL idMYSQL_5_5_58_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.5.x prior to 5.5.58. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2017-10-19
    plugin id103965
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103965
    titleMySQL 5.5.x < 5.5.58 Multiple Vulnerabilities (RPM Check) (October 2017 CPU)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1078.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 ) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 ) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)
    last seen2020-06-01
    modified2020-06-02
    plugin id117592
    published2018-09-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117592
    titleAmazon Linux 2 : mariadb (ALAS-2018-1078)
  • NASL familyDatabases
    NASL idMYSQL_5_5_58.NASL
    descriptionThe version of MySQL running on the remote host is 5.5.x prior to 5.5.58. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-04-30
    modified2017-10-20
    plugin id104048
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104048
    titleMySQL 5.5.x < 5.5.58 Multiple Vulnerabilities (October 2017 CPU)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201802-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code without authentication or cause a partial denial of service condition. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id106885
    published2018-02-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106885
    titleGLSA-201802-04 : MySQL: Multiple vulnerabilities
  • NASL familyDatabases
    NASL idMARIADB_10_2_10.NASL
    descriptionThe version of MariaDB running on the remote host is 10.2.x prior to 10.2.10. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id105077
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105077
    titleMariaDB 10.2.x < 10.2.10 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1302.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-09-27
    plugin id117745
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117745
    titleEulerOS 2.0 SP2 : mariadb (EulerOS-SA-2018-1302)
  • NASL familyDatabases
    NASL idMYSQL_5_6_38.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.38. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id104049
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104049
    titleMySQL 5.6.x < 5.6.38 Multiple Vulnerabilities (October 2017 CPU)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4341.NASL
    descriptionSeveral issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10127-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10128-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10129-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10130-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10131-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10132-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10133-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10134-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10135-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10136-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10137-release- notes/
    last seen2020-06-01
    modified2020-06-02
    plugin id119040
    published2018-11-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119040
    titleDebian DSA-4341-1 : mariadb-10.1 - security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2439.NASL
    descriptionAn update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen2020-06-01
    modified2020-06-02
    plugin id112020
    published2018-08-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112020
    titleCentOS 7 : mariadb (CESA-2018:2439)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1407.NASL
    descriptionSeveral issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.35. Please see the MariaDB 10.0 Release Notes for further details : https://mariadb.com/kb/en/mariadb/mariadb-10033-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10034-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10035-release-notes/ For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id110816
    published2018-07-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110816
    titleDebian DLA-1407-1 : mariadb-10.0 security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-926.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2017-10379) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-10378) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-10283) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-10227) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10294) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2017-10268) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10155) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10314) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10384) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-10276) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10286) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10279)
    last seen2020-06-01
    modified2020-06-02
    plugin id105050
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105050
    titleAmazon Linux AMI : mysql56 / mysql57 (ALAS-2017-926)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C41BEDFDB3F911E7AC58B499BAEBFEAF.NASL
    descriptionOracle reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id103954
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103954
    titleFreeBSD : MySQL -- multiple vulnerabilities (c41bedfd-b3f9-11e7-ac58-b499baebfeaf)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1542.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-201 7-3651) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-201 7-3636) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-201 8-2562) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2622) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2640) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2665) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2668) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-201 7-10379) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-201 7-10378) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-201 7-10268) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-201 7-10384) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124995
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124995
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : mariadb (EulerOS-SA-2019-1542)
  • NASL familyDatabases
    NASL idMYSQL_5_6_38_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.38. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2017-10-19
    plugin id103966
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103966
    titleMySQL 5.6.x < 5.6.38 Multiple Vulnerabilities (RPM Check) (October 2017 CPU)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1196.NASL
    descriptionThis update for mysql-community-server to 5.6.38 fixes the following issues : Full list of changes : http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html CVEs fixed : - [boo#1064116] CVE-2017-10379 - [boo#1064117] CVE-2017-10384 - [boo#1064115] CVE-2017-10378 - [boo#1064101] CVE-2017-10268 - [boo#1064096] CVE-2017-10155 - [boo#1064118] CVE-2017-3731 - [boo#1064102] CVE-2017-10276 - [boo#1064105] CVE-2017-10283 - [boo#1064112] CVE-2017-10314 - [boo#1064100] CVE-2017-10227 - [boo#1064104] CVE-2017-10279 - [boo#1064108] CVE-2017-10294 - [boo#1064107] CVE-2017-10286 Additional changes : - add
    last seen2020-06-05
    modified2017-10-30
    plugin id104234
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104234
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2017-1196)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0044_MARIADB.NASL
    descriptionAn update of the mariadb package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121757
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121757
    titlePhoton OS 1.0: Mariadb PHSA-2017-0044
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-927.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.(CVE-2017-10379) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10378) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10384) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.(CVE-2017-10268)
    last seen2020-06-01
    modified2020-06-02
    plugin id105051
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/105051
    titleAmazon Linux AMI : mysql55 (ALAS-2017-927)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1303.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-09-27
    plugin id117746
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117746
    titleEulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2996-1.NASL
    descriptionThis update for mysql to version 5.5.58 fixes the following issues: Fixed security issues : - CVE-2017-10268: issue inside subcomponent Server Replication [bsc#1064101] - CVE-2017-10378: issue inside subcomponent Server Optimizer [bsc#1064115] - CVE-2017-10379: issue inside subcomponent Client programs [bsc#1064116] - CVE-2017-10384: issue inside subcomponent Server DDL [bsc#1064117] For a full list of changes check: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 58.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104532
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104532
    titleSUSE SLES11 Security Update : mysql (SUSE-SU-2017:2996-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-95327E44EC.NASL
    descriptionA quarter year regular dose of fixed CVE
    last seen2020-06-05
    modified2017-11-07
    plugin id104419
    published2017-11-07
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104419
    titleFedora 25 : community-mysql (2017-95327e44ec)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2439.NASL
    descriptionAn update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen2020-06-01
    modified2020-06-02
    plugin id111802
    published2018-08-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111802
    titleRHEL 7 : mariadb (RHSA-2018:2439)

Redhat

advisories
  • rhsa
    idRHSA-2017:3265
  • rhsa
    idRHSA-2017:3442
  • rhsa
    idRHSA-2018:0279
  • rhsa
    idRHSA-2018:0574
  • rhsa
    idRHSA-2018:2439
  • rhsa
    idRHSA-2018:2729
  • rhsa
    idRHSA-2019:1258
rpms
  • rh-mysql56-mysql-0:5.6.38-1.el6
  • rh-mysql56-mysql-0:5.6.38-1.el7
  • rh-mysql56-mysql-bench-0:5.6.38-1.el6
  • rh-mysql56-mysql-bench-0:5.6.38-1.el7
  • rh-mysql56-mysql-common-0:5.6.38-1.el6
  • rh-mysql56-mysql-common-0:5.6.38-1.el7
  • rh-mysql56-mysql-config-0:5.6.38-1.el6
  • rh-mysql56-mysql-config-0:5.6.38-1.el7
  • rh-mysql56-mysql-debuginfo-0:5.6.38-1.el6
  • rh-mysql56-mysql-debuginfo-0:5.6.38-1.el7
  • rh-mysql56-mysql-devel-0:5.6.38-1.el6
  • rh-mysql56-mysql-devel-0:5.6.38-1.el7
  • rh-mysql56-mysql-errmsg-0:5.6.38-1.el6
  • rh-mysql56-mysql-errmsg-0:5.6.38-1.el7
  • rh-mysql56-mysql-server-0:5.6.38-1.el6
  • rh-mysql56-mysql-server-0:5.6.38-1.el7
  • rh-mysql56-mysql-test-0:5.6.38-1.el6
  • rh-mysql56-mysql-test-0:5.6.38-1.el7
  • rh-mysql57-mysql-0:5.7.20-1.el6
  • rh-mysql57-mysql-0:5.7.20-1.el7
  • rh-mysql57-mysql-common-0:5.7.20-1.el6
  • rh-mysql57-mysql-common-0:5.7.20-1.el7
  • rh-mysql57-mysql-config-0:5.7.20-1.el6
  • rh-mysql57-mysql-config-0:5.7.20-1.el7
  • rh-mysql57-mysql-debuginfo-0:5.7.20-1.el6
  • rh-mysql57-mysql-debuginfo-0:5.7.20-1.el7
  • rh-mysql57-mysql-devel-0:5.7.20-1.el6
  • rh-mysql57-mysql-devel-0:5.7.20-1.el7
  • rh-mysql57-mysql-errmsg-0:5.7.20-1.el6
  • rh-mysql57-mysql-errmsg-0:5.7.20-1.el7
  • rh-mysql57-mysql-server-0:5.7.20-1.el6
  • rh-mysql57-mysql-server-0:5.7.20-1.el7
  • rh-mysql57-mysql-test-0:5.7.20-1.el6
  • rh-mysql57-mysql-test-0:5.7.20-1.el7
  • rh-mariadb100-mariadb-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-bench-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-bench-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-common-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-common-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-config-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-config-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-debuginfo-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-debuginfo-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-devel-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-devel-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-errmsg-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-errmsg-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-server-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-server-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-test-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-test-1:10.0.33-3.el7
  • rh-mariadb101-galera-0:25.3.12-12.el6
  • rh-mariadb101-galera-0:25.3.12-12.el7
  • rh-mariadb101-galera-debuginfo-0:25.3.12-12.el6
  • rh-mariadb101-galera-debuginfo-0:25.3.12-12.el7
  • rh-mariadb101-mariadb-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-bench-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-bench-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-common-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-common-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-config-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-config-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-debuginfo-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-debuginfo-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-devel-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-devel-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-errmsg-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-errmsg-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-oqgraph-engine-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-oqgraph-engine-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-server-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-server-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-server-galera-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-server-galera-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-test-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-test-1:10.1.29-3.el7
  • mariadb-1:5.5.60-1.el7_5
  • mariadb-bench-1:5.5.60-1.el7_5
  • mariadb-debuginfo-1:5.5.60-1.el7_5
  • mariadb-devel-1:5.5.60-1.el7_5
  • mariadb-embedded-1:5.5.60-1.el7_5
  • mariadb-embedded-devel-1:5.5.60-1.el7_5
  • mariadb-libs-1:5.5.60-1.el7_5
  • mariadb-server-1:5.5.60-1.el7_5
  • mariadb-test-1:5.5.60-1.el7_5
  • rh-mariadb102-galera-0:25.3.25-1.el6
  • rh-mariadb102-galera-0:25.3.25-1.el7
  • rh-mariadb102-galera-debuginfo-0:25.3.25-1.el6
  • rh-mariadb102-galera-debuginfo-0:25.3.25-1.el7
  • rh-mariadb102-mariadb-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-backup-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-backup-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-backup-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-backup-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-bench-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-bench-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-common-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-common-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-config-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-config-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-config-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-config-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-debuginfo-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-debuginfo-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-devel-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-devel-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-errmsg-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-errmsg-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-gssapi-client-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-gssapi-client-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-gssapi-server-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-gssapi-server-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-oqgraph-engine-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-oqgraph-engine-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-galera-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-galera-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-galera-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-galera-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-utils-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-utils-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-utils-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-utils-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-test-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-test-1:10.2.22-1.el7