Vulnerabilities > CVE-2018-2755

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Mysql 5.7.0 Oracle Mysql 5.7.1 Oracle Mysql 5.7.2 Oracle Mysql 5.7.3 Oracle Mysql 5.7.4 Oracle Mysql 5.7.5 Oracle Mysql 5.7.6 Oracle Mysql 5.7.7 Oracle Mysql 5.7.8 Oracle Mysql 5.7.9 Oracle Mysql 5.7.10 Oracle Mysql 5.7.11 Oracle Mysql 5.7.12 Oracle Mysql 5.7.13 Oracle Mysql 5.7.14 Oracle Mysql 5.7.15 Oracle Mysql 5.7.16 Oracle Mysql 5.7.17 Oracle Mysql 5.7.18 Oracle Mysql 5.7.19 Oracle Mysql 5.7.20 Oracle Mysql 5.6.0 Oracle Mysql 5.6.1 Oracle Mysql 5.6.2 Oracle Mysql 5.6.3 Oracle Mysql 5.6.4 Oracle Mysql 5.6.5 Oracle Mysql 5.6.6 Oracle Mysql 5.6.7 Oracle Mysql 5.6.8 Oracle Mysql 5.6.9 Oracle Mysql 5.6.10 Oracle Mysql 5.6.11 Oracle Mysql 5.6.12 Oracle Mysql 5.6.13 Oracle Mysql 5.6.14 Oracle Mysql 5.6.15 Oracle Mysql 5.6.16 Oracle Mysql 5.6.17 Oracle Mysql 5.6.18 Oracle Mysql 5.6.19 Oracle Mysql 5.6.20 Oracle Mysql 5.6.21 Oracle Mysql 5.6.22 Oracle Mysql 5.6.23 Oracle Mysql 5.6.24 Oracle Mysql 5.6.25 Oracle Mysql 5.6.26 Oracle Mysql 5.6.27 Oracle Mysql 5.6.28 Oracle Mysql 5.6.29 Oracle Mysql 5.6.30 Oracle Mysql 5.6.31 Oracle Mysql 5.6.32 Oracle Mysql 5.6.33 Oracle Mysql 5.6.34 Oracle Mysql 5.6.35 Oracle Mysql 5.6.36 Oracle Mysql 5.6.37 Oracle Mysql 5.6.38 Oracle Mysql 5.5.0 Oracle Mysql 5.5.1 Oracle Mysql 5.5.2 Oracle Mysql 5.5.3 Oracle Mysql 5.5.4 Oracle Mysql 5.5.5 Oracle Mysql 5.5.6 Oracle Mysql 5.5.7 Oracle Mysql 5.5.8 Oracle Mysql 5.5.9 Oracle Mysql 5.5.10 Oracle Mysql 5.5.11 Oracle Mysql 5.5.12 Oracle Mysql 5.5.13 Oracle Mysql 5.5.14 Oracle Mysql 5.5.15 Oracle Mysql 5.5.16 Oracle Mysql 5.5.17 Oracle Mysql 5.5.18 Oracle Mysql 5.5.19 Oracle Mysql 5.5.20 Oracle Mysql 5.5.21 Oracle Mysql 5.5.22 Oracle Mysql 5.5.23 Oracle Mysql 5.5.24 Oracle Mysql 5.5.25 Oracle Mysql 5.5.26 Oracle Mysql 5.5.27 Oracle Mysql 5.5.28 Oracle Mysql 5.5.29 Oracle Mysql 5.5.30 Oracle Mysql 5.5.31 Oracle Mysql 5.5.32 Oracle Mysql 5.5.33 Oracle Mysql 5.5.34 Oracle Mysql 5.5.35 Oracle Mysql 5.5.36 Oracle Mysql 5.5.37 Oracle Mysql 5.5.38 Oracle Mysql 5.5.39 Oracle Mysql 5.5.40 Oracle Mysql 5.5.41 Oracle Mysql 5.5.42 Oracle Mysql 5.5.43 Oracle Mysql 5.5.44 Oracle Mysql 5.5.45 Oracle Mysql 5.5.46 Oracle Mysql 5.5.47 Oracle Mysql 5.5.48 Oracle Mysql 5.5.49 Oracle Mysql 5.5.50 Oracle Mysql 5.5.51 Oracle Mysql 5.5.52 Oracle Mysql 5.5.53 Oracle Mysql 5.5.54 Oracle Mysql 5.5.55 Oracle Mysql 5.5.56 Oracle Mysql 5.5.57 Oracle Mysql 5.5.58	124
Application	Mariadb Mariadb Mariadb 10.0.0 Mariadb Mariadb 10.0.1 Mariadb Mariadb 10.0.2 Mariadb Mariadb 10.0.3 Mariadb Mariadb 10.0.4 Mariadb Mariadb 10.0.5 Mariadb Mariadb 10.0.6 Mariadb Mariadb 10.0.7 Mariadb Mariadb 10.0.8 Mariadb Mariadb 10.0.9 Mariadb Mariadb 10.0.10 Mariadb Mariadb 10.0.11 Mariadb Mariadb 10.0.12 Mariadb Mariadb 10.0.13 Mariadb Mariadb 10.0.14 Mariadb Mariadb 10.0.15 Mariadb Mariadb 10.0.16 Mariadb Mariadb 10.0.17 Mariadb Mariadb 10.0.18 Mariadb Mariadb 10.0.19 Mariadb Mariadb 10.0.20 Mariadb Mariadb 10.0.21 Mariadb Mariadb 10.0.22 Mariadb Mariadb 10.0.23 Mariadb Mariadb 10.0.24 Mariadb Mariadb 10.0.25 Mariadb Mariadb 10.0.26 Mariadb Mariadb 10.0.27 Mariadb Mariadb 10.0.28 Mariadb Mariadb 10.0.29 Mariadb Mariadb 10.0.30 Mariadb Mariadb 10.0.31 Mariadb Mariadb 10.0.32 Mariadb Mariadb 10.0.33 Mariadb Mariadb 10.0.34 Mariadb Mariadb 10.1.0 Mariadb Mariadb 10.1.1 Mariadb Mariadb 10.1.2 Mariadb Mariadb 10.1.3 Mariadb Mariadb 10.1.4 Mariadb Mariadb 10.1.5 Mariadb Mariadb 10.1.6 Mariadb Mariadb 10.1.7 Mariadb Mariadb 10.1.8 Mariadb Mariadb 10.1.9 Mariadb Mariadb 10.1.10 Mariadb Mariadb 10.1.11 Mariadb Mariadb 10.1.12 Mariadb Mariadb 10.1.13 Mariadb Mariadb 10.1.14 Mariadb Mariadb 10.1.15 Mariadb Mariadb 10.1.16 Mariadb Mariadb 10.1.17 Mariadb Mariadb 10.1.18 Mariadb Mariadb 10.1.19 Mariadb Mariadb 10.1.20 Mariadb Mariadb 10.1.21 Mariadb Mariadb 10.1.22 Mariadb Mariadb 10.1.23 Mariadb Mariadb 10.1.24 Mariadb Mariadb 10.1.25 Mariadb Mariadb 10.1.26 Mariadb Mariadb 10.1.27 Mariadb Mariadb 10.1.28 Mariadb Mariadb 10.1.29 Mariadb Mariadb 10.1.30 Mariadb Mariadb 10.1.31 Mariadb Mariadb 10.1.32 Mariadb Mariadb 10.2.0 Mariadb Mariadb 10.2.1 Mariadb Mariadb 10.2.2 Mariadb Mariadb 10.2.3 Mariadb Mariadb 10.2.4 Mariadb Mariadb 10.2.5 Mariadb Mariadb 10.2.6 Mariadb Mariadb 10.2.7 Mariadb Mariadb 10.2.8 Mariadb Mariadb 10.2.9 Mariadb Mariadb 10.2.10 Mariadb Mariadb 10.2.11 Mariadb Mariadb 10.2.12 Mariadb Mariadb 10.2.13 Mariadb Mariadb 10.2.14 Mariadb Mariadb 5.5.0 Mariadb Mariadb 5.5.20 Mariadb Mariadb 5.5.21 Mariadb Mariadb 5.5.22 Mariadb Mariadb 5.5.23 Mariadb Mariadb 5.5.24 Mariadb Mariadb 5.5.25 Mariadb Mariadb 5.5.27 Mariadb Mariadb 5.5.28 Mariadb Mariadb 5.5.28A Mariadb Mariadb 5.5.33 Mariadb Mariadb 5.5.34 Mariadb Mariadb 5.5.35 Mariadb Mariadb 5.5.40 Mariadb Mariadb 5.5.43 Mariadb Mariadb 5.5.46 Mariadb Mariadb 5.5.47 Mariadb Mariadb 5.5.48 Mariadb Mariadb 5.5.49 Mariadb Mariadb 5.5.50 Mariadb Mariadb 5.5.51 Mariadb Mariadb 5.5.54 Mariadb Mariadb 5.5.55 Mariadb Mariadb 5.5.56 Mariadb Mariadb 5.5.57 Mariadb Mariadb 5.5.58 Mariadb Mariadb 5.5.59	111
Application	Netapp Netapp Snapcenter - Netapp Oncommand Workflow Automation - Netapp Oncommand Insight - Netapp Active IQ Unified Manager 7.3 Netapp Active IQ Unified Manager 9.5 Netapp Active IQ Unified Manager 9.6 Netapp Active IQ Unified Manager 9.10 Netapp Active IQ Unified Manager 9.11P1	11
Application	Redhat Redhat Openstack 12	1
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 7.0 Debian Debian Linux 9.0	3
OS	Canonical Canonical Ubuntu Linux 17.10 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 12.04	5
OS	Redhat Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux EUS 7.5 Redhat Enterprise Linux EUS 7.6 Redhat Enterprise Linux EUS 7.7 Redhat Enterprise Linux Server TUS 7.6 Redhat Enterprise Linux Server TUS 7.7 Redhat Enterprise Linux Server AUS 7.6 Redhat Enterprise Linux Server AUS 7.7	10

Nessus

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20180816_MARIADB_ON_SL7_X.NASL
description	The following packages have been upgraded to a later upstream version: mariadb (5.5.60). Security Fix(es) : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Bug Fix(es) : - Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation.
last seen	2020-03-18
modified	2018-08-17
plugin id	111806
published	2018-08-17
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111806
title	Scientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(111806); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3651", "CVE-2017-3653", "CVE-2018-2562", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2665", "CVE-2018-2668", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2767", "CVE-2018-2771", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2819"); script_name(english:"Scientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The following packages have been upgraded to a later upstream version: mariadb (5.5.60). Security Fix(es) : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Bug Fix(es) : - Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1808&L=scientific-linux-errata&F=&S=&P=2075 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1b3ca8f6" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-test"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-5.5.60-1.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-bench-5.5.60-1.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-debuginfo-5.5.60-1.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-devel-5.5.60-1.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-embedded-5.5.60-1.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-embedded-devel-5.5.60-1.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-libs-5.5.60-1.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-server-5.5.60-1.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-test-5.5.60-1.el7_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc"); }

NASL family	Databases
NASL id	MYSQL_5_5_60_RPM.NASL
description	The version of MySQL running on the remote host is 5.5.x prior to 5.5.60. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-04
modified	2018-04-19
plugin id	109167
published	2018-04-19
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109167
title	MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(109167); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03"); script_cve_id( "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819" ); script_bugtraq_id( 103814, 103824, 103828, 103830 ); script_name(english:"MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)"); script_summary(english:"Checks the version of MySQL server."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MySQL running on the remote host is 5.5.x prior to 5.5.60. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html"); # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76507bf8"); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?64303a9a"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 5.5.60 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2813"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/19"); script_set_attribute(attribute:"agent", value:"unix"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled"); script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release"); exit(0); } include("mysql_version.inc"); fix_version = "5.5.60"; exists_version = "5.5"; mysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4176.NASL
description	Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle
last seen	2020-06-01
modified	2020-06-02
plugin id	109218
published	2018-04-23
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109218
title	Debian DSA-4176-1 : mysql-5.5 - security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4176. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(109218); script_version("1.5"); script_cvs_date("Date: 2018/11/13 12:30:46"); script_cve_id("CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"); script_xref(name:"DSA", value:"4176"); script_name(english:"Debian DSA-4176-1 : mysql-5.5 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/mysql-5.5" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/mysql-5.5" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4176" ); script_set_attribute( attribute:"solution", value: "Upgrade the mysql-5.5 packages. For the oldstable distribution (jessie), these problems have been fixed in version 5.5.60-0+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-5.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libmysqlclient-dev", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libmysqlclient18", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libmysqld-dev", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libmysqld-pic", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-client", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-client-5.5", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-common", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-server", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-server-5.5", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-server-core-5.5", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-source-5.5", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-testsuite", reference:"5.5.60-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"mysql-testsuite-5.5", reference:"5.5.60-0+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Databases
NASL id	MYSQL_5_7_22.NASL
description	The version of MySQL running on the remote host is 5.7.x prior to 5.7.22. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	109170
published	2018-04-19
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109170
title	MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (April 2018 CPU)

NASL family	Databases
NASL id	MYSQL_5_5_60.NASL
description	The version of MySQL running on the remote host is 5.5.x prior to 5.5.60. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	109166
published	2018-04-19
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109166
title	MySQL 5.5.x < 5.5.60 Multiple Vulnerabilities (April 2018 CPU)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0034_MARIADB.NASL
description	The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected by multiple vulnerabilities: - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3651) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). (CVE-2017-3636) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2017-3641) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3653) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2017-10378) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2017-10268) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). (CVE-2017-10379) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2017-10384) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (CVE-2018-2755) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2018-2767) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-2562) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2622) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2761) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2771) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2781) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2018-2813) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2817) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2819) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2455) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3133) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127203
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127203
title	NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1346.NASL
description	According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	118434
published	2018-10-26
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118434
title	EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3629-1.NASL
description	Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	109311
published	2018-04-24
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109311
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3629-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-668.NASL
description	This update for MariaDB to version 10.0.35 fixes multiple issues: Security issues fixed : - CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518) - CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518) - CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes (bsc#1090518) - CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518) - CVE-2018-2755: Unspecified vulnerability in Replication allowing server compromise (bsc#1090518) - CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518) - CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518) - CVE-2018-2761: Unspecified DoS vulnerability in Client programs (bsc#1090518) - CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer (bsc#1090518) - CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking component (bsc#1090518) - CVE-2018-2813: Unspecified vulnerability in The DDL component allowing unauthorized reads (bsc#1090518) - CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681) The following changes are included : - XtraDB updated to 5.6.39-83.1 - TokuDB updated to 5.6.39-83.1 - InnoDB updated to 5.6.40 - Fix for Crash in MVCC read after IMPORT TABLESPACE - Fix for innodb_read_only trying to modify files if transactions were recovered in COMMITTED state - Fix for DROP TABLE hang on InnoDB table with FULLTEXT index - Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing corrupted record This update was imported from the SUSE:SLE-12-SP1:Update update project.
last seen	2020-06-05
modified	2018-06-25
plugin id	110679
published	2018-06-25
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110679
title	openSUSE Security Update : mariadb (openSUSE-2018-668)

NASL family	Databases
NASL id	MYSQL_5_6_40.NASL
description	The version of MySQL running on the remote host is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	109168
published	2018-04-19
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109168
title	MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (April 2018 CPU)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2018-2439.NASL
description	From Red Hat Security Advisory 2018:2439 : An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
last seen	2020-06-01
modified	2020-06-02
plugin id	111800
published	2018-08-17
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111800
title	Oracle Linux 7 : mariadb (ELSA-2018-2439)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2018-1027.NASL
description	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-2787) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2758) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2784) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2766) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2782) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)
last seen	2020-06-01
modified	2020-06-02
plugin id	110201
published	2018-05-30
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110201
title	Amazon Linux AMI : mysql56 (ALAS-2018-1027)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-1781-1.NASL
description	MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes : - PCRE updated to 8.42 - XtraDB updated to 5.6.39-83.1 - TokuDB updated to 5.6.39-83.1 - InnoDB updated to 5.6.40 - The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] - MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE - MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state - MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index - MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record - fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 - Release notes and changelog : - https://kb.askmonty.org/en/mariadb-10035-release-notes - https://kb.askmonty.org/en/mariadb-10035-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	110682
published	2018-06-25
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110682
title	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:1781-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-405.NASL
description	This update for mysql-community-server to version 5.6.40 fixes the following issues : Security issues fixed : - CVE-2018-2755: Unspecified vulnerability in the Replication component - CVE-2018-2819: Unspecified vulnerability in the InnoDB component - CVE-2018-2817: Unspecified vulnerability in the Server DDL component - CVE-2018-2761: Unspecified vulnerability in the client programs - CVE-2018-2818: Unspecified vulnerability in the Server Security Privileges component - CVE-2018-2781: Unspecified vulnerability in the Server Optimizer component - CVE-2018-2771: Unspecified vulnerability in the Server locking component - CVE-2018-2813: Unspecified vulnerability in the Server DDL component - CVE-2018-2773: Unspecified vulnerability in the client programs - CVE-2018-2758: Unspecified vulnerability in the Server Security Privileges component - CVE-2018-2805: Unspecified vulnerability in the GIS Extension - CVE-2018-2782: Unspecified vulnerability in the InnoDB component - CVE-2018-2784: Unspecified vulnerability in the InnoDB component - CVE-2018-2787: Unspecified vulnerability in the InnoDB component - CVE-2018-2766: Unspecified vulnerability in the InnoDB component This update also contains all upstream fixes and improvement in the 5.6.40 release: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html
last seen	2020-06-05
modified	2018-04-30
plugin id	109424
published	2018-04-30
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109424
title	openSUSE Security Update : mysql-community-server (openSUSE-2018-405)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-2513B888A4.NASL
description	MariaDB 10.2.15 Release notes : https://mariadb.com/kb/en/library/mariadb-10215-release-notes/ CVEs fixed : CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810 New features : - Now builds with lz4 support Enhacements : - mysqladmin is now used to check the socket when the daemon is starting issues : - Please note, that TokuDB storage engine is being build in a unsupported way - without jemalloc. it will remain this way, until TokuDB is fixed to be able to build and run with jemalloc 5 or witout jemalloc at all. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120297
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120297
title	Fedora 28 : 3:mariadb (2018-2513b888a4)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_57AEC168453E11E88777B499BAEBFEAF.NASL
description	Oracle reports : MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges - A local user can exploit a flaw in the Replication component to gain elevated privileges [CVE-2018-2755]. - A remote authenticated user can exploit a flaw in the GIS Extension component to cause denial of service conditions [CVE-2018-2805]. - A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2782, CVE-2018-2784, CVE-2018-2819]. - A remote authenticated user can exploit a flaw in the Security Privileges component to cause denial of service conditions [CVE-2018-2758, CVE-2018-2818]. - A remote authenticated user can exploit a flaw in the DDL component to cause denial of service conditions [CVE-2018-2817]. - A remote authenticated user can exploit a flaw in the Optimizer component to cause denial of service conditions [CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2816]. - A remote user can exploit a flaw in the Client programs component to cause denial of service conditions [CVE-2018-2761, CVE-2018-2773]. - A remote authenticated user can exploit a flaw in the InnoDB component to partially modify data and cause denial of service conditions [CVE-2018-2786, CVE-2018-2787]. - A remote authenticated user can exploit a flaw in the Optimizer component to partially modify data and cause denial of service conditions [CVE-2018-2812]. - A local user can exploit a flaw in the Cluster ndbcluster/plugin component to cause denial of service conditions [CVE-2018-2877]. - A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2810]. - A remote authenticated user can exploit a flaw in the DML component to cause denial of service conditions [CVE-2018-2839]. - A remote authenticated user can exploit a flaw in the Performance Schema component to cause denial of service conditions [CVE-2018-2846]. - A remote authenticated user can exploit a flaw in the Pluggable Auth component to cause denial of service conditions [CVE-2018-2769]. - A remote authenticated user can exploit a flaw in the Group Replication GCS component to cause denial of service conditions [CVE-2018-2776]. - A local user can exploit a flaw in the Connection component to cause denial of service conditions [CVE-2018-2762]. - A remote authenticated user can exploit a flaw in the Locking component to cause denial of service conditions [CVE-2018-2771]. - A remote authenticated user can exploit a flaw in the DDL component to partially access data [CVE-2018-2813].
last seen	2020-06-01
modified	2020-06-02
plugin id	109228
published	2018-04-23
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109228
title	FreeBSD : MySQL -- multiple vulnerabilities (57aec168-453e-11e8-8777-b499baebfeaf)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-1382-1.NASL
description	MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes : - PCRE updated to 8.42 - XtraDB updated to 5.6.39-83.1 - TokuDB updated to 5.6.39-83.1 - InnoDB updated to 5.6.40 - The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] - MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE - MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state - MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index - MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record - fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 - Release notes and changelog : - https://kb.askmonty.org/en/mariadb-10035-release-notes - https://kb.askmonty.org/en/mariadb-10035-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	110089
published	2018-05-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110089
title	SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1382-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-1781-2.NASL
description	MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes : PCRE updated to 8.42 XtraDB updated to 5.6.39-83.1 TokuDB updated to 5.6.39-83.1 InnoDB updated to 5.6.40 The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 Release notes and changelog : - https://kb.askmonty.org/en/mariadb-10035-release-notes - https://kb.askmonty.org/en/mariadb-10035-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	118270
published	2018-10-22
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118270
title	SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1781-2)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2018-1026.NASL
description	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2787) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-2812) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2759) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2780) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2762) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2769) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2786) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2777) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2775) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-2779) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2782) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2784) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2810) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2758) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2766) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2816) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2839) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2846) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2778) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2776) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)
last seen	2020-06-01
modified	2020-06-02
plugin id	110200
published	2018-05-30
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110200
title	Amazon Linux AMI : mysql57 (ALAS-2018-1026)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1337.NASL
description	According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	118425
published	2018-10-26
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118425
title	EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0130_MYSQL.NASL
description	An update of the mysql package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121834
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121834
title	Photon OS 1.0: Mysql PHSA-2018-1.0-0130

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2018-1028.NASL
description	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2818) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2773) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)
last seen	2020-06-01
modified	2020-06-02
plugin id	110202
published	2018-05-30
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110202
title	Amazon Linux AMI : mysql55 (ALAS-2018-1028)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2018-130-01.NASL
description	New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	109685
published	2018-05-11
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109685
title	Slackware 14.1 / 14.2 : mariadb (SSA:2018-130-01)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-00E90783D2.NASL
description	MySQL 5.7.22 Changelog https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html CVEs fixed CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120201
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120201
title	Fedora 28 : community-mysql (2018-00e90783d2)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-427.NASL
description	This update for mariadb to version 10.2.15 fixes the following issues : These security issues were fixed : - CVE-2018-2767: Enforse use of SSL/TLS in embedded server library (Return of BACKRONYM) (bsc#1088681). - CVE-2018-2786: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987). - CVE-2018-2759: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2777: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2810: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2782: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2784: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2787: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987, bsc#1090518). - CVE-2018-2766: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Difficult to exploit vulnerability allowed unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Difficult to exploit vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data (bsc#1089987, bsc#1090518). These non-security issues were fixed : - PCRE updated to 8.42 - Incomplete validation of missing tablespace during recovery - ib_buffer_pool unnecessarily includes the temporary tablespace - InnoDB may write uninitialized garbage to redo log - Virtual Columns: Assertion failed in dict_table_get_col_name - slow innodb startup/shutdown can exceed systemd timeout - Assertion failed in dict_check_sys_tables on upgrade from 5.5 - Change buffer crash during TRUNCATE or DROP TABLE - temporary table ROLLBACK fixes For additional details please see - https://mariadb.com/kb/en/library/mariadb-10215-release-notes - https://mariadb.com/kb/en/library/mariadb-10215-changelog
last seen	2020-06-01
modified	2020-06-02
plugin id	123187
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123187
title	openSUSE Security Update : mariadb (openSUSE-2019-427)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-572.NASL
description	This update for mariadb to version 10.2.15 fixes the following issues : These security issues were fixed : - CVE-2018-2767: Enforse use of SSL/TLS in embedded server library (Return of BACKRONYM) (bsc#1088681). - CVE-2018-2786: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987). - CVE-2018-2759: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2777: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2810: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2782: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2784: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2787: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987, bsc#1090518). - CVE-2018-2766: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Difficult to exploit vulnerability allowed unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Difficult to exploit vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data (bsc#1089987, bsc#1090518). These non-security issues were fixed : - PCRE updated to 8.42 - Incomplete validation of missing tablespace during recovery - ib_buffer_pool unnecessarily includes the temporary tablespace - InnoDB may write uninitialized garbage to redo log - Virtual Columns: Assertion failed in dict_table_get_col_name - slow innodb startup/shutdown can exceed systemd timeout - Assertion failed in dict_check_sys_tables on upgrade from 5.5 - Change buffer crash during TRUNCATE or DROP TABLE - temporary table ROLLBACK fixes For additional details please see - https://mariadb.com/kb/en/library/mariadb-10215-release-notes - https://mariadb.com/kb/en/library/mariadb-10215-changelog
last seen	2020-06-05
modified	2018-06-08
plugin id	110408
published	2018-06-08
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110408
title	openSUSE Security Update : mariadb (openSUSE-2018-572)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3629-3.NASL
description	USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details : Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	109467
published	2018-05-01
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109467
title	Ubuntu 18.04 LTS : mysql-5.7 vulnerabilities (USN-3629-3)

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2018-1078.NASL
description	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 ) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 ) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)
last seen	2020-06-01
modified	2020-06-02
plugin id	117592
published	2018-09-19
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117592
title	Amazon Linux 2 : mariadb (ALAS-2018-1078)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1541.NASL
description	According to the versions of the mariadb packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2761) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-201 8-2755) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2771) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2819) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2781) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-201 8-2813) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-201 8-2817) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-201 7-3641) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-201 7-3653) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124994
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124994
title	EulerOS Virtualization for ARM 64 3.0.1.0 : mariadb (EulerOS-SA-2019-1541)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-1_0-0130.NASL
description	An update of 'mysql', 'openjdk',openjre packages of Photon OS has been released.
last seen	2019-02-21
modified	2019-02-07
plugin id	111932
published	2018-08-17
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111932
title	Photon OS 1.0: Mysql / Openjdk PHSA-2018-1.0-0130 (deprecated)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-86026275EA.NASL
description	MariaDB 10.2.15 Release notes : https://mariadb.com/kb/en/library/mariadb-10215-release-notes/ CVEs fixed : CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810 New features : - Now builds with lz4 support Enhacements : - mysqladmin is now used to check the socket when the daemon is starting issues : - Please note, that TokuDB storage engine is being build in a unsupported way - without jemalloc. it will remain this way, until TokuDB is fixed to be able to build and run with jemalloc 5 or witout jemalloc at all. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-06-25
plugin id	110668
published	2018-06-25
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110668
title	Fedora 27 : 3:mariadb (2018-86026275ea)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1355.NASL
description	Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle
last seen	2020-03-17
modified	2018-04-20
plugin id	109187
published	2018-04-20
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109187
title	Debian DLA-1355-1 : mysql-5.5 security update

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1302.NASL
description	According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-09-27
plugin id	117745
published	2018-09-27
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117745
title	EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2018-1302)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4341.NASL
description	Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10127-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10128-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10129-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10130-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10131-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10132-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10133-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10134-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10135-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10136-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10137-release- notes/
last seen	2020-06-01
modified	2020-06-02
plugin id	119040
published	2018-11-20
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119040
title	Debian DSA-4341-1 : mariadb-10.1 - security update

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2018-2439.NASL
description	An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
last seen	2020-06-01
modified	2020-06-02
plugin id	112020
published	2018-08-21
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/112020
title	CentOS 7 : mariadb (CESA-2018:2439)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1407.NASL
description	Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.35. Please see the MariaDB 10.0 Release Notes for further details : https://mariadb.com/kb/en/mariadb/mariadb-10033-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10034-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10035-release-notes/ For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	110816
published	2018-07-02
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110816
title	Debian DLA-1407-1 : mariadb-10.0 security update

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-8B920C2B00.NASL
description	MySQL 5.7.22 Changelog https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html CVEs fixed CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-05-04
plugin id	109563
published	2018-05-04
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109563
title	Fedora 26 : community-mysql (2018-8b920c2b00)

NASL family	Databases
NASL id	MYSQL_5_6_40_RPM.NASL
description	The version of MySQL running on the remote host is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-04
modified	2018-04-19
plugin id	109169
published	2018-04-19
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109169
title	MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201908-24.NASL
description	The remote host is affected by the vulnerability described in GLSA-201908-24 (MariaDB, MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	127973
published	2019-08-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127973
title	GLSA-201908-24 : MariaDB, MySQL: Multiple vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-7025A5C25D.NASL
description	MySQL 5.7.22 Changelog https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html CVEs fixed CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-05-04
plugin id	109561
published	2018-05-04
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109561
title	Fedora 27 : community-mysql (2018-7025a5c25d)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-1333-1.NASL
description	This update fixes the following issues : - Update to 5.5.60 in Oracle Apr2018 CPU (bsc#1089987). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2818: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). - CVE-2018-2773: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	109938
published	2018-05-21
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109938
title	SUSE SLES11 Security Update : mysql (SUSE-SU-2018:1333-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1303.NASL
description	According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-09-27
plugin id	117746
published	2018-09-27
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117746
title	EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-D955395C08.NASL
description	Update to 10.1.33 . Release notes: https://mariadb.com/kb/en/library/mariadb-10133-release-notes/ CVEs fixed: CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-05-23
plugin id	109973
published	2018-05-23
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109973
title	Fedora 26 : 3:mariadb (2018-d955395c08)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2018-2439.NASL
description	An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
last seen	2020-06-01
modified	2020-06-02
plugin id	111802
published	2018-08-17
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111802
title	RHEL 7 : mariadb (RHSA-2018:2439)

NASL family	Databases
NASL id	MYSQL_5_7_22_RPM.NASL
description	The version of MySQL running on the remote host is 5.7.x prior to 5.7.22. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-04
modified	2018-04-19
plugin id	109171
published	2018-04-19
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109171
title	MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)

Redhat

advisories

rhsa
id RHSA-2018:1254
rhsa
id RHSA-2018:2439
rhsa
id RHSA-2018:2729
rhsa
id RHSA-2018:3655
rhsa
id RHSA-2019:1258

rpms

rh-mysql56-mysql-0:5.6.40-1.el6
rh-mysql56-mysql-0:5.6.40-1.el7
rh-mysql56-mysql-bench-0:5.6.40-1.el6
rh-mysql56-mysql-bench-0:5.6.40-1.el7
rh-mysql56-mysql-common-0:5.6.40-1.el6
rh-mysql56-mysql-common-0:5.6.40-1.el7
rh-mysql56-mysql-config-0:5.6.40-1.el6
rh-mysql56-mysql-config-0:5.6.40-1.el7
rh-mysql56-mysql-debuginfo-0:5.6.40-1.el6
rh-mysql56-mysql-debuginfo-0:5.6.40-1.el7
rh-mysql56-mysql-devel-0:5.6.40-1.el6
rh-mysql56-mysql-devel-0:5.6.40-1.el7
rh-mysql56-mysql-errmsg-0:5.6.40-1.el6
rh-mysql56-mysql-errmsg-0:5.6.40-1.el7
rh-mysql56-mysql-server-0:5.6.40-1.el6
rh-mysql56-mysql-server-0:5.6.40-1.el7
rh-mysql56-mysql-test-0:5.6.40-1.el6
rh-mysql56-mysql-test-0:5.6.40-1.el7
mariadb-1:5.5.60-1.el7_5
mariadb-bench-1:5.5.60-1.el7_5
mariadb-debuginfo-1:5.5.60-1.el7_5
mariadb-devel-1:5.5.60-1.el7_5
mariadb-embedded-1:5.5.60-1.el7_5
mariadb-embedded-devel-1:5.5.60-1.el7_5
mariadb-libs-1:5.5.60-1.el7_5
mariadb-server-1:5.5.60-1.el7_5
mariadb-test-1:5.5.60-1.el7_5
rh-mysql57-mysql-0:5.7.24-1.el7
rh-mysql57-mysql-0:5.7.24-2.el6
rh-mysql57-mysql-common-0:5.7.24-1.el7
rh-mysql57-mysql-common-0:5.7.24-2.el6
rh-mysql57-mysql-config-0:5.7.24-1.el7
rh-mysql57-mysql-config-0:5.7.24-2.el6
rh-mysql57-mysql-debuginfo-0:5.7.24-1.el7
rh-mysql57-mysql-debuginfo-0:5.7.24-2.el6
rh-mysql57-mysql-devel-0:5.7.24-1.el7
rh-mysql57-mysql-devel-0:5.7.24-2.el6
rh-mysql57-mysql-errmsg-0:5.7.24-1.el7
rh-mysql57-mysql-errmsg-0:5.7.24-2.el6
rh-mysql57-mysql-server-0:5.7.24-1.el7
rh-mysql57-mysql-server-0:5.7.24-2.el6
rh-mysql57-mysql-test-0:5.7.24-1.el7
rh-mysql57-mysql-test-0:5.7.24-2.el6
rh-mariadb102-galera-0:25.3.25-1.el6
rh-mariadb102-galera-0:25.3.25-1.el7
rh-mariadb102-galera-debuginfo-0:25.3.25-1.el6
rh-mariadb102-galera-debuginfo-0:25.3.25-1.el7
rh-mariadb102-mariadb-1:10.2.22-1.el6
rh-mariadb102-mariadb-1:10.2.22-1.el7
rh-mariadb102-mariadb-backup-1:10.2.22-1.el6
rh-mariadb102-mariadb-backup-1:10.2.22-1.el7
rh-mariadb102-mariadb-backup-syspaths-1:10.2.22-1.el6
rh-mariadb102-mariadb-backup-syspaths-1:10.2.22-1.el7
rh-mariadb102-mariadb-bench-1:10.2.22-1.el6
rh-mariadb102-mariadb-bench-1:10.2.22-1.el7
rh-mariadb102-mariadb-common-1:10.2.22-1.el6
rh-mariadb102-mariadb-common-1:10.2.22-1.el7
rh-mariadb102-mariadb-config-1:10.2.22-1.el6
rh-mariadb102-mariadb-config-1:10.2.22-1.el7
rh-mariadb102-mariadb-config-syspaths-1:10.2.22-1.el6
rh-mariadb102-mariadb-config-syspaths-1:10.2.22-1.el7
rh-mariadb102-mariadb-debuginfo-1:10.2.22-1.el6
rh-mariadb102-mariadb-debuginfo-1:10.2.22-1.el7
rh-mariadb102-mariadb-devel-1:10.2.22-1.el6
rh-mariadb102-mariadb-devel-1:10.2.22-1.el7
rh-mariadb102-mariadb-errmsg-1:10.2.22-1.el6
rh-mariadb102-mariadb-errmsg-1:10.2.22-1.el7
rh-mariadb102-mariadb-gssapi-client-1:10.2.22-1.el6
rh-mariadb102-mariadb-gssapi-client-1:10.2.22-1.el7
rh-mariadb102-mariadb-gssapi-server-1:10.2.22-1.el6
rh-mariadb102-mariadb-gssapi-server-1:10.2.22-1.el7
rh-mariadb102-mariadb-oqgraph-engine-1:10.2.22-1.el6
rh-mariadb102-mariadb-oqgraph-engine-1:10.2.22-1.el7
rh-mariadb102-mariadb-server-1:10.2.22-1.el6
rh-mariadb102-mariadb-server-1:10.2.22-1.el7
rh-mariadb102-mariadb-server-galera-1:10.2.22-1.el6
rh-mariadb102-mariadb-server-galera-1:10.2.22-1.el7
rh-mariadb102-mariadb-server-galera-syspaths-1:10.2.22-1.el6
rh-mariadb102-mariadb-server-galera-syspaths-1:10.2.22-1.el7
rh-mariadb102-mariadb-server-syspaths-1:10.2.22-1.el6
rh-mariadb102-mariadb-server-syspaths-1:10.2.22-1.el7
rh-mariadb102-mariadb-server-utils-1:10.2.22-1.el6
rh-mariadb102-mariadb-server-utils-1:10.2.22-1.el7
rh-mariadb102-mariadb-server-utils-syspaths-1:10.2.22-1.el6
rh-mariadb102-mariadb-server-utils-syspaths-1:10.2.22-1.el7
rh-mariadb102-mariadb-syspaths-1:10.2.22-1.el6
rh-mariadb102-mariadb-syspaths-1:10.2.22-1.el7
rh-mariadb102-mariadb-test-1:10.2.22-1.el6
rh-mariadb102-mariadb-test-1:10.2.22-1.el7

Vulnerabilities > CVE-2018-2755 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2018-2755"}]}

Summary

Vulnerable Configurations

Nessus

Redhat

References

Vulnerabilities > CVE-2018-2755