MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files.
{"fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 0.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-06-16T17:51:10", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mariadb-10.1.24-3.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2017-06-16T17:51:10", "id": "FEDORA:5C8506050C23", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7MHNDNU6FXIUDHZCJ7UUPLQ5USQQMB7R/", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 0.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-06-16T18:53:40", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mariadb-10.1.24-3.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2017-06-16T18:53:40", "id": "FEDORA:B9E546079270", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MDVYS43SNVTIM4TF72GOUFHSEEXCOV6N/", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 0.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-02-09T04:23:02", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mariadb-10.1.21-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3318"], "modified": "2017-02-09T04:23:02", "id": "FEDORA:F10EA607973C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FJPGXCDBERIBJEP5CZBRIZH3IH2KTCZ6/", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 0.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.6, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-02-09T20:51:26", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mariadb-10.1.21-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3318"], "modified": "2017-02-09T20:51:26", "id": "FEDORA:05AD561BBDDB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LY2IAY3YGRQXOMCF4RJGIU5Z4RXYBAB5/", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-28T14:36:49", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: community-mysql-5.7.18-2.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464"], "modified": "2017-04-28T14:36:49", "id": "FEDORA:71E11608B7FE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MB5SZT5BAFCUT55PJMCCOKBFOMU3HKDP/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-29T01:18:25", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: community-mysql-5.7.18-2.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464"], "modified": "2017-04-29T01:18:25", "id": "FEDORA:58B4160560B7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EQH45AYFHK42UGBCFSWYK6KLNGLLZL6F/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-29T01:50:21", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: community-mysql-5.7.18-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464"], "modified": "2017-04-29T01:50:21", "id": "FEDORA:9F8E3604CCE0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QOWPGPNTTFLBU4FLUDMW6ZAP5DUP4QXS/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-22T14:31:34", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: mariadb-10.1.33-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3313", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2018-2755", "CVE-2018-2761", "CVE-2018-2766", "CVE-2018-2771", "CVE-2018-2773", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2787", "CVE-2018-2813", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819"], "modified": "2018-05-22T14:31:34", "id": "FEDORA:DDCB860779BD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C7UF6XVJNCHPSN5BBYHUX267XZGFVP5P/", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-17T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2017-8425f676f2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3258"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mariadb FEDORA-2017-8425f676f2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872771\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-17 07:22:43 +0200 (Sat, 17 Jun 2017)\");\n script_cve_id(\"CVE-2017-3313\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\",\n \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3238\", \"CVE-2017-3243\",\n \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\",\n \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2017-8425f676f2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8425f676f2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MHNDNU6FXIUDHZCJ7UUPLQ5USQQMB7R\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.1.24~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-06-17T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2017-2c0609b92a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3258"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mariadb FEDORA-2017-2c0609b92a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872773\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-17 07:23:23 +0200 (Sat, 17 Jun 2017)\");\n script_cve_id(\"CVE-2017-3313\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\",\n \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3238\", \"CVE-2017-3243\",\n \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\",\n \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2017-2c0609b92a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-2c0609b92a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDVYS43SNVTIM4TF72GOUFHSEEXCOV6N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.1.24~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:32", "description": "Several issues have been discovered in\nthe MySQL database server. The vulnerabilities are addressed by upgrading MySQL to\nthe new upstream version 5.5.54, which includes additional changes, such as\nperformance improvements, bug fixes, new features, and possibly incompatible\nchanges.", "cvss3": {}, "published": "2017-01-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3767-1 (mysql-5.5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3258"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703767", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703767", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3767.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3767-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703767\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\",\n \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\",\n \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_name(\"Debian Security Advisory DSA 3767-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-19 00:00:00 +0100 (Thu, 19 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3767.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 5.5.54-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in\nthe MySQL database server. The vulnerabilities are addressed by upgrading MySQL to\nthe new upstream version 5.5.54, which includes additional changes, such as\nperformance improvements, bug fixes, new features, and possibly incompatible\nchanges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.54-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2017-07-24T12:57:35", "description": "Several issues have been discovered in\nthe MySQL database server. The vulnerabilities are addressed by upgrading MySQL to\nthe new upstream version 5.5.54, which includes additional changes, such as\nperformance improvements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle", "cvss3": {}, "published": "2017-01-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3767-1 (mysql-5.5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3258"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703767", "href": "http://plugins.openvas.org/nasl.php?oid=703767", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3767.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3767-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703767);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\",\n \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\",\n \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_name(\"Debian Security Advisory DSA 3767-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-01-19 00:00:00 +0100 (Thu, 19 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3767.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true\nmulti-user, multi-threaded SQL database server.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 5.5.54-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in\nthe MySQL database server. The vulnerabilities are addressed by upgrading MySQL to\nthe new upstream version 5.5.54, which includes additional changes, such as\nperformance improvements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.54-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-03T18:38:11", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (jan2017-2881727) 02 - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3318", "CVE-2017-3258"], "modified": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562310809866", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809866", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (jan2017-2881727) 02 - Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809866\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3318\", \"CVE-2017-3291\", \"CVE-2017-3317\",\n \"CVE-2017-3258\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3244\",\n \"CVE-2017-3265\");\n script_bugtraq_id(95571, 95560, 95491, 95527, 95565, 95588, 95501, 95585, 95520);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-18 18:37:01 +0530 (Wed, 18 Jan 2017)\");\n script_name(\"Oracle Mysql Security Updates (jan2017-2881727) 02 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to, multiple\n unspecified errors in sub components 'Error Handling', 'Logging', 'MyISAM',\n 'Packaging', 'Optimizer', 'DML' and 'DDL'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote to have an impact on availability,\n confidentiality and integrity.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version\n 5.5.53 and earlier, 5.6.34 and earlier, 5.7.16 and earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^5\\.\")\n{\n if(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.53\") ||\n version_in_range(version:vers, test_version:\"5.6\", test_version2:\"5.6.34\") ||\n version_in_range(version:vers, test_version:\"5.7\", test_version2:\"5.7.16\"))\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-04-03T18:40:16", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (jan2017-2881727) 02 - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3318", "CVE-2017-3258"], "modified": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562310809865", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809865", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (jan2017-2881727) 02 - Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809865\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3318\", \"CVE-2017-3291\", \"CVE-2017-3317\",\n \"CVE-2017-3258\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3244\",\n \"CVE-2017-3265\");\n script_bugtraq_id(95571, 95560, 95491, 95527, 95565, 95588, 95501, 95585, 95520);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-18 18:37:01 +0530 (Wed, 18 Jan 2017)\");\n script_name(\"Oracle Mysql Security Updates (jan2017-2881727) 02 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to, multiple\n unspecified errors in sub components 'Error Handling', 'Logging', 'MyISAM',\n 'Packaging', 'Optimizer', 'DML' and 'DDL'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote to have an impact on availability,\n confidentiality and integrity.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version\n 5.5.53 and earlier, 5.6.34 and earlier, 5.7.16 and earlier on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^5\\.\")\n{\n if(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.53\") ||\n version_in_range(version:vers, test_version:\"5.6\", test_version2:\"5.6.34\") ||\n version_in_range(version:vers, test_version:\"5.7\", test_version2:\"5.7.16\"))\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-20T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2017-801e01d1ed", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3258"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872356", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mariadb FEDORA-2017-801e01d1ed\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872356\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 11:38:47 +0100 (Mon, 20 Feb 2017)\");\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3257\",\n \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\",\n \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2017-801e01d1ed\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-801e01d1ed\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJPGXCDBERIBJEP5CZBRIZH3IH2KTCZ6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.1.21~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-20T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2017-0f44f2b8c8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3258"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mariadb FEDORA-2017-0f44f2b8c8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872336\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 11:37:29 +0100 (Mon, 20 Feb 2017)\");\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3257\",\n \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\",\n \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2017-0f44f2b8c8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-0f44f2b8c8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LY2IAY3YGRQXOMCF4RJGIU5Z4RXYBAB5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.1.21~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2017-1170)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3302", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3651", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3258"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171170", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1170\");\n script_version(\"2020-01-23T10:55:11+0000\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2016-5617\", \"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3302\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3600\", \"CVE-2017-3651\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:55:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:55:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2017-1170)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1170\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1170\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2017-1170 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\nA flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\nMultiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\nIt was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\nMultiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\nA flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.56~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.56~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.56~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.56~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.56~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.56~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:30", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2017-1169)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3302", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3651", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3258"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171169", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1169\");\n script_version(\"2020-01-23T10:54:51+0000\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2016-5617\", \"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3302\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3600\", \"CVE-2017-3651\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:54:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:54:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2017-1169)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1169\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1169\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mariadb' package(s) announced via the EulerOS-SA-2017-1169 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\nA flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\nMultiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\nIt was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\nMultiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\nA flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\");\n\n script_tag(name:\"affected\", value:\"'mariadb' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.56~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.56~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.56~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.56~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.56~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.56~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.56~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "RedHat Update for mariadb RHSA-2017:2192-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2017-3302", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3243", "CVE-2017-3318", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3258"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871856", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871856", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2192-01_mariadb.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for mariadb RHSA-2017:2192-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871856\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:28 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2016-5617\", \"CVE-2016-6664\", \"CVE-2017-3238\",\n \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\",\n \"CVE-2017-3291\", \"CVE-2017-3302\", \"CVE-2017-3308\", \"CVE-2017-3309\",\n \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\",\n \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3600\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for mariadb RHSA-2017:2192-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL\n database server that is binary compatible with MySQL. The following packages\n have been upgraded to a later upstream version: mariadb (5.5.56). (BZ#1458933)\n Security Fix(es): * It was discovered that the mysql and mysqldump tools did not\n correctly handle database and table names containing newline characters. A\n database user with privileges to create databases or tables could cause the\n mysql command to execute arbitrary shell or SQL commands while restoring\n database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n * A flaw was found in the way the mysqld_safe script handled creation of error\n log file. The mysql operating system user could use this flaw to escalate their\n privileges to root. (CVE-2016-5617, CVE-2016-6664) * Multiple flaws were found\n in the way the MySQL init script handled initialization of the database data\n directory and permission setting on the error log file. The mysql operating\n system user could use these flaws to escalate their privileges to root.\n (CVE-2017-3265) * It was discovered that the mysqld_safe script honored the\n ledir option value set in a MySQL configuration file. A user able to modify one\n of the MySQL configuration files could use this flaw to escalate their\n privileges to root. (CVE-2017-3291) * Multiple flaws were found in the way the\n mysqld_safe script handled creation of error log file. The mysql operating\n system user could use these flaws to escalate their privileges to root.\n (CVE-2017-3312) * A flaw was found in the way MySQL client library\n (libmysqlclient) handled prepared statements when server connection was lost. A\n malicious server or a man-in-the-middle attacker could possibly use this flaw to\n crash an application using libmysqlclient. (CVE-2017-3302) * This update fixes\n several vulnerabilities in the MariaDB database server. Information about these\n flaws can be found on the Oracle Critical Patch Update Advisory page, listed in\n the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244,\n CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317,\n CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464) Additional Changes:\n For detailed information on changes in this release, see the Red Hat Enterprise\n Linux 7.4 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"mariadb on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2192-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00015.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.56~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.56~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.56~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.56~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.56~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.56~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.56~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb (openSUSE-SU-2017:2119-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851587", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851587\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-10 07:29:53 +0200 (Thu, 10 Aug 2017)\");\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\",\n \"CVE-2017-3464\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mariadb (openSUSE-SU-2017:2119-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This MariaDB update to version 10.0.31 GA fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily 'exploitable'\n vulnerability allows low privileged attacker with network access via\n multiple protocols to compromise MariaDB Server. Successful attacks of\n this vulnerability can result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS). (bsc#1048715)\n\n Bug fixes:\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service\n in order to follow the upstream. It also fixes hanging\n mysql-systemd-helper when mariadb fails (e.g. because of the\n misconfiguration) (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36\n\n Release notes and changelog are linked in the references.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2119-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10031-release-notes\");\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10031-changelog\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.31~20.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:57:35", "description": "Several issues have been discovered in\nthe MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB\nto the new upstream version 10.0.29. Please see the MariaDB 10.0 Release Notes for\nfurther details:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/", "cvss3": {}, "published": "2017-01-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3770-1 (mariadb-10.0 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2016-6664", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3258"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703770", "href": "http://plugins.openvas.org/nasl.php?oid=703770", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3770.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3770-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703770);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\",\n \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\",\n \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_name(\"Debian Security Advisory DSA 3770-1 (mariadb-10.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-01-22 00:00:00 +0100 (Sun, 22 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3770.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mariadb-10.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 10.0.29-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in\nthe MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB\nto the new upstream version 10.0.29. Please see the MariaDB 10.0 Release Notes for\nfurther details:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.29-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:28:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mariadb (openSUSE-SU-2017:0486-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2016-6664", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3258"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851490", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851490", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851490\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-17 05:51:43 +0100 (Fri, 17 Feb 2017)\");\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\",\n \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\",\n \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mariadb (openSUSE-SU-2017:0486-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This mariadb version update to 10.0.29 fixes the following issues:\n\n - CVE-2017-3318: unspecified vulnerability affecting Error Handling\n (bsc#1020896)\n\n - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894)\n\n - CVE-2017-3312: insecure error log file handling in mysqld_safe,\n incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884)\n\n - CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885)\n\n - CVE-2017-3258: unspecified vulnerability in the DDL component\n (bsc#1020875)\n\n - CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878)\n\n - CVE-2017-3244: unspecified vulnerability affecing the DML component\n (bsc#1020877)\n\n - CVE-2017-3243: unspecified vulnerability affecting the Charsets\n component (bsc#1020891)\n\n - CVE-2017-3238: unspecified vulnerability affecting the Optimizer\n component (bsc#1020882)\n\n - CVE-2016-6664: Root Privilege Escalation (bsc#1008253)\n\n - Applications using the client library for MySQL (libmysqlclient.so) had\n a use-after-free issue that could cause the applications to crash\n (bsc#1022428)\n\n - notable changes:\n\n * XtraDB updated to 5.6.34-79.1\n\n * TokuDB updated to 5.6.34-79.1\n\n * Innodb updated to 5.6.35\n\n * Performance Schema updated to 5.6.35\n\n Release notes and changelog are linked in the references.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0486-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10029-release-notes\");\n script_xref(name:\"URL\", value:\"https://kb.askmonty.org/en/mariadb-10029-changelog\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.29~18.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "description": "Several issues have been discovered in\nthe MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB\nto the new upstream version 10.0.29.", "cvss3": {}, "published": "2017-01-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3770-1 (mariadb-10.0 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2016-6664", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3258"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703770", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3770.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3770-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703770\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\",\n \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\",\n \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_name(\"Debian Security Advisory DSA 3770-1 (mariadb-10.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-22 00:00:00 +0100 (Sun, 22 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3770.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 10.0.29-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in\nthe MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB\nto the new upstream version 10.0.29.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.29-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:26:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2017:0479-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2016-8327", "CVE-2016-8318", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3273", "CVE-2017-3258"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851491", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851491", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851491\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-17 05:51:55 +0100 (Fri, 17 Feb 2017)\");\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3244\",\n \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3273\",\n \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\",\n \"CVE-2017-3318\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2017:0479-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-community-server'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mysql-community-server was updated to version 5.6.35 to fix bugs and\n security issues:\n\n * Changes are available in the linked references.\n\n * Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312 [boo#1020873],\n CVE-2017-3258 [boo#1020875], CVE-2017-3273 [boo#1020876], CVE-2017-3244\n [boo#1020877], CVE-2017-3257 [boo#1020878], CVE-2017-3238 [boo#1020882],\n CVE-2017-3291 [boo#1020884], CVE-2017-3265 [boo#1020885], CVE-2017-3313\n [boo#1020890], CVE-2016-8327 [boo#1020893], CVE-2017-3317 [boo#1020894],\n CVE-2017-3318 [boo#1020896]\");\n\n script_tag(name:\"affected\", value:\"mysql-community-server on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0479-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18\", rpm:\"libmysql56client18~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo\", rpm:\"libmysql56client18-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18\", rpm:\"libmysql56client_r18~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server\", rpm:\"mysql-community-server~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench\", rpm:\"mysql-community-server-bench~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench-debuginfo\", rpm:\"mysql-community-server-bench-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client\", rpm:\"mysql-community-server-client~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client-debuginfo\", rpm:\"mysql-community-server-client-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debuginfo\", rpm:\"mysql-community-server-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debugsource\", rpm:\"mysql-community-server-debugsource~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-errormessages\", rpm:\"mysql-community-server-errormessages~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test\", rpm:\"mysql-community-server-test~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test-debuginfo\", rpm:\"mysql-community-server-test-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools\", rpm:\"mysql-community-server-tools~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools-debuginfo\", rpm:\"mysql-community-server-tools-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-32bit\", rpm:\"libmysql56client18-32bit~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo-32bit\", rpm:\"libmysql56client18-debuginfo-32bit~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18-32bit\", rpm:\"libmysql56client_r18-32bit~5.6.35~22.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2020-01-31T18:28:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-07T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2017:0618-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2016-8327", "CVE-2016-8318", "CVE-2017-3318", "CVE-2017-3257", "CVE-2017-3273", "CVE-2017-3258"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851520", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851520\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-07 05:44:29 +0100 (Tue, 07 Mar 2017)\");\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3244\",\n \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3273\",\n \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\",\n \"CVE-2017-3318\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2017:0618-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-community-server'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mysql-community-server was updated to version 5.6.35 to fix bugs and\n security issues:\n\n * Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312 [boo#1020873],\n CVE-2017-3258 [boo#1020875], CVE-2017-3273 [boo#1020876], CVE-2017-3244\n [boo#1020877], CVE-2017-3257 [boo#1020878], CVE-2017-3238 [boo#1020882],\n CVE-2017-3291 [boo#1020884], CVE-2017-3265 [boo#1020885], CVE-2017-3313\n [boo#1020890], CVE-2016-8327 [boo#1020893], CVE-2017-3317 [boo#1020894],\n CVE-2017-3318 [boo#1020896]\");\n\n script_tag(name:\"affected\", value:\"mysql-community-server on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0618-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18\", rpm:\"libmysql56client18~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo\", rpm:\"libmysql56client18-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18\", rpm:\"libmysql56client_r18~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server\", rpm:\"mysql-community-server~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench\", rpm:\"mysql-community-server-bench~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench-debuginfo\", rpm:\"mysql-community-server-bench-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client\", rpm:\"mysql-community-server-client~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client-debuginfo\", rpm:\"mysql-community-server-client-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debuginfo\", rpm:\"mysql-community-server-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debugsource\", rpm:\"mysql-community-server-debugsource~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-errormessages\", rpm:\"mysql-community-server-errormessages~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test\", rpm:\"mysql-community-server-test~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test-debuginfo\", rpm:\"mysql-community-server-test-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools\", rpm:\"mysql-community-server-tools~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools-debuginfo\", rpm:\"mysql-community-server-tools-debuginfo~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-32bit\", rpm:\"libmysql56client18-32bit~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo-32bit\", rpm:\"libmysql56client18-debuginfo-32bit~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18-32bit\", rpm:\"libmysql56client_r18-32bit~5.6.35~22.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for mysql-5.7 USN-3174-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3312", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3317", "CVE-2017-3313", "CVE-2016-8327", "CVE-2016-8318", "CVE-2017-3251", "CVE-2017-3243", "CVE-2017-3318", "CVE-2017-3273", "CVE-2017-3320", "CVE-2017-3258", "CVE-2017-3256", "CVE-2017-3319"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for mysql-5.7 USN-3174-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843022\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-20 05:40:06 +0100 (Fri, 20 Jan 2017)\");\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3243\",\n\t\t\"CVE-2017-3244\", \"CVE-2017-3251\", \"CVE-2017-3256\", \"CVE-2017-3258\",\n\t\t\"CVE-2017-3265\", \"CVE-2017-3273\", \"CVE-2017-3291\", \"CVE-2017-3312\",\n\t\t\"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3319\",\n\t\t\"CVE-2017-3320\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.7 USN-3174-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in MySQL and this update includes\nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\nUbuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.7 on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3174-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3174-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.54-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.17-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.54-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.17-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:55", "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32.", "cvss3": {}, "published": "2017-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3944-1 (mariadb-10.0 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3641", "CVE-2017-3453", "CVE-2017-3464", "CVE-2017-3653", "CVE-2017-3636"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703944", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703944", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3944.nasl 14275 2019-03-18 14:39:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3944-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703944\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3653\");\n script_name(\"Debian Security Advisory DSA 3944-1 (mariadb-10.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-17 00:00:00 +0200 (Thu, 17 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3944.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 10.0.32-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.32-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2017-ef6bed485e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3462", "CVE-2017-3265", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3450", "CVE-2017-3599"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872629", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for community-mysql FEDORA-2017-ef6bed485e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872629\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 14:19:22 +0530 (Wed, 03 May 2017)\");\n script_cve_id(\"CVE-2017-3265\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3450\",\n \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\",\n \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3599\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2017-ef6bed485e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ef6bed485e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQH45AYFHK42UGBCFSWYK6KLNGLLZL6F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.7.18~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2017-fe6e14dcf9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3462", "CVE-2017-3265", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3450", "CVE-2017-3599"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872627", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for community-mysql FEDORA-2017-fe6e14dcf9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872627\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 14:19:18 +0530 (Wed, 03 May 2017)\");\n script_cve_id(\"CVE-2017-3265\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3450\",\n \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\",\n \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3599\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2017-fe6e14dcf9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-fe6e14dcf9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOWPGPNTTFLBU4FLUDMW6ZAP5DUP4QXS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.7.18~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-03T18:39:09", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-04-19T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (apr2017-3236618) 02 - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600"], "modified": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562310810883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810883", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (apr2017-3236618) 02 - Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810883\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2017-3309\", \"CVE-2017-3308\", \"CVE-2017-3329\", \"CVE-2017-3456\",\n \"CVE-2017-3453\", \"CVE-2017-3600\", \"CVE-2017-3462\", \"CVE-2017-3463\",\n \"CVE-2017-3461\", \"CVE-2017-3464\");\n script_bugtraq_id(97742, 97725, 97763, 97831, 97776, 97765, 97851, 97849, 97812,\n 97818);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-19 16:44:58 +0530 (Wed, 19 Apr 2017)\");\n script_name(\"Oracle Mysql Security Updates (apr2017-3236618) 02 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors in the 'Server: DML', 'Server: Optimizer',\n 'Server: Thread Pooling', 'Client mysqldump', 'Server: Security: Privileges'\n components of the application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to have impact on availability, confidentiality\n and integrity.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.54 and earlier,\n 5.6.35 and earlier, 5.7.17 and earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.54\") ||\n version_in_range(version:vers, test_version:\"5.6\", test_version2:\"5.6.35\") ||\n version_in_range(version:vers, test_version:\"5.7\", test_version2:\"5.7.17\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-04-03T18:41:15", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-04-19T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (apr2017-3236618) 02 - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600"], "modified": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562310810882", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810882", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (apr2017-3236618) 02 - Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810882\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2017-3309\", \"CVE-2017-3308\", \"CVE-2017-3329\", \"CVE-2017-3456\",\n \"CVE-2017-3453\", \"CVE-2017-3600\", \"CVE-2017-3462\", \"CVE-2017-3463\",\n \"CVE-2017-3461\", \"CVE-2017-3464\");\n script_bugtraq_id(97742, 97725, 97763, 97831, 97776, 97765, 97851, 97849, 97812,\n 97818);\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-19 16:44:58 +0530 (Wed, 19 Apr 2017)\");\n script_name(\"Oracle Mysql Security Updates (apr2017-3236618) 02 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors in the 'Server: DML', 'Server: Optimizer',\n 'Server: Thread Pooling', 'Client mysqldump', 'Server: Security: Privileges'\n components of the application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to have impact on availability, confidentiality\n and integrity.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.54 and earlier,\n 5.6.35 and earlier, 5.7.17 and earlier on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.54\") ||\n version_in_range(version:vers, test_version:\"5.6\", test_version2:\"5.6.35\") ||\n version_in_range(version:vers, test_version:\"5.7\", test_version2:\"5.7.17\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:31", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for mysql-5.5 (DLA-916-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890916", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890916\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2017-3302\", \"CVE-2017-3305\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3329\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\", \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3600\");\n script_name(\"Debian LTS: Security Advisory for mysql-5.5 (DLA-916-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00035.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n5.5.55-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqlclient18\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.55-0+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:05", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703834", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703834", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3834.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3834-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703834\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2017-3302\", \"CVE-2017-3305\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3329\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\", \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3600\");\n script_name(\"Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 00:00:00 +0200 (Tue, 25 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3834.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.55-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.55-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2017-07-24T12:57:22", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3305"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703834", "href": "http://plugins.openvas.org/nasl.php?oid=703834", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3834.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3834-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703834);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2017-3302\", \"CVE-2017-3305\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3329\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\", \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3600\");\n script_name(\"Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-04-25 00:00:00 +0200 (Tue, 25 Apr 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3834.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true multi-user, multi-threaded SQL database\nserver.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.55-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.55-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-23T00:00:00", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2018-d955395c08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2017-3265", "CVE-2018-2784", "CVE-2018-2771", "CVE-2017-3313", "CVE-2018-2766", "CVE-2017-3456", "CVE-2018-2787", "CVE-2018-2818", "CVE-2018-2761", "CVE-2018-2782", "CVE-2017-3309", "CVE-2018-2773", "CVE-2017-3308", "CVE-2018-2781", "CVE-2018-2813", "CVE-2017-3453", "CVE-2017-3464"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874594", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874594", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d955395c08_mariadb_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mariadb FEDORA-2018-d955395c08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874594\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-23 05:50:35 +0200 (Wed, 23 May 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2771\",\n \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \"CVE-2018-2787\",\n \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\", \"CVE-2017-3265\",\n \"CVE-2017-3313\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\",\n \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2018-2773\", \"CVE-2018-2818\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2018-d955395c08\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d955395c08\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7UF6XVJNCHPSN5BBYHUX267XZGFVP5P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.1.33~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:28:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2017:1209-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3462", "CVE-2017-3302", "CVE-2017-3463", "CVE-2017-3456", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3308", "CVE-2016-5483", "CVE-2017-3453", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3450", "CVE-2017-3599", "CVE-2017-3305", "CVE-2017-3452"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851549", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851549\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-09 06:50:33 +0200 (Tue, 09 May 2017)\");\n script_cve_id(\"CVE-2016-5483\", \"CVE-2017-3302\", \"CVE-2017-3305\", \"CVE-2017-3308\",\n \"CVE-2017-3309\", \"CVE-2017-3329\", \"CVE-2017-3450\", \"CVE-2017-3452\",\n \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\",\n \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3599\", \"CVE-2017-3600\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2017:1209-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-community-server'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for mysql-community-server to version 5.6.36 fixes the\n following issues:\n\n These security issues were fixed:\n\n\n - CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in\n SQL statements written to the dump output, allowing for execution of\n arbitrary commands (bsc#1029014)\n\n - CVE-2017-3305: MySQL client sent authentication request unencrypted even\n if SSL was required (aka Ridddle) (bsc#1029396).\n\n - CVE-2017-3308: Unspecified vulnerability in Server: DML (boo#1034850)\n\n - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer\n (boo#1034850)\n\n - CVE-2017-3329: Unspecified vulnerability in Server: Thread (boo#1034850)\n\n - CVE-2017-3453: Unspecified vulnerability in Server: Optimizer\n (boo#1034850)\n\n - CVE-2017-3456: Unspecified vulnerability in Server: DML (boo#1034850)\n\n - CVE-2017-3461: Unspecified vulnerability in Server: Security\n (boo#1034850)\n\n - CVE-2017-3462: Unspecified vulnerability in Server: Security\n (boo#1034850)\n\n - CVE-2017-3463: Unspecified vulnerability in Server: Security\n (boo#1034850)\n\n - CVE-2017-3464: Unspecified vulnerability in Server: DDL (boo#1034850)\n\n - CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428).\n\n - CVE-2017-3450: Unspecified vulnerability Server: Memcached\n\n - CVE-2017-3452: Unspecified vulnerability Server: Optimizer\n\n - CVE-2017-3599: Unspecified vulnerability Server: Pluggable Auth\n\n - CVE-2017-3600: Unspecified vulnerability in Client: mysqldump\n (boo#1034850)\n\n - '--ssl-mode=REQUIRED' can be specified to require a secure connection\n (it fails if a secure connection cannot be obtained)\n\n\n These non-security issues were fixed:\n\n - Set the default umask to 077 in mysql-systemd-helper (boo#1020976)\n\n - Change permissions of the configuration dir/files to 755/644. Please\n note that storing the password in the /etc/my.cnf file is not safe. Use\n for example an option file that is accessible only by yourself\n (boo#889126)\");\n\n script_tag(name:\"affected\", value:\"mysql-community-server on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1209-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18\", rpm:\"libmysql56client18~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo\", rpm:\"libmysql56client18-debuginfo~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18\", rpm:\"libmysql56client_r18~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server\", rpm:\"mysql-community-server~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench\", rpm:\"mysql-community-server-bench~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench-debuginfo\", rpm:\"mysql-community-server-bench-debuginfo~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client\", rpm:\"mysql-community-server-client~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client-debuginfo\", rpm:\"mysql-community-server-client-debuginfo~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debuginfo\", rpm:\"mysql-community-server-debuginfo~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debugsource\", rpm:\"mysql-community-server-debugsource~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-errormessages\", rpm:\"mysql-community-server-errormessages~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test\", rpm:\"mysql-community-server-test~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test-debuginfo\", rpm:\"mysql-community-server-test-debuginfo~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools\", rpm:\"mysql-community-server-tools~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools-debuginfo\", rpm:\"mysql-community-server-tools-debuginfo~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-32bit\", rpm:\"libmysql56client18-32bit~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo-32bit\", rpm:\"libmysql56client18-debuginfo-32bit~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18-32bit\", rpm:\"libmysql56client_r18-32bit~5.6.36~24.3.3\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18\", rpm:\"libmysql56client18~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo\", rpm:\"libmysql56client18-debuginfo~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18\", rpm:\"libmysql56client_r18~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server\", rpm:\"mysql-community-server~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench\", rpm:\"mysql-community-server-bench~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench-debuginfo\", rpm:\"mysql-community-server-bench-debuginfo~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client\", rpm:\"mysql-community-server-client~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client-debuginfo\", rpm:\"mysql-community-server-client-debuginfo~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debuginfo\", rpm:\"mysql-community-server-debuginfo~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debugsource\", rpm:\"mysql-community-server-debugsource~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-errormessages\", rpm:\"mysql-community-server-errormessages~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test\", rpm:\"mysql-community-server-test~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test-debuginfo\", rpm:\"mysql-community-server-test-debuginfo~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools\", rpm:\"mysql-community-server-tools~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools-debuginfo\", rpm:\"mysql-community-server-tools-debuginfo~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-32bit\", rpm:\"libmysql56client18-32bit~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo-32bit\", rpm:\"libmysql56client18-debuginfo-32bit~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18-32bit\", rpm:\"libmysql56client_r18-32bit~5.6.36~25.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-03T18:42:43", "description": "This host is running Oracle MySQL and is\n prone to an unspecified vulnerability.", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (jan2017-2881727) 04 - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3243"], "modified": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562310809869", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809869", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (jan2017-2881727) 04 - Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809869\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2017-3243\");\n script_bugtraq_id(95538);\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-18 18:37:28 +0530 (Wed, 18 Jan 2017)\");\n script_name(\"Oracle Mysql Security Updates (jan2017-2881727) 04 - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to an unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an unspecified\n error in sub component 'Server: Charsets'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote to have some unspecified impact on\n availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.53 and\n earlier on Windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^5\\.\")\n{\n if(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.53\"))\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-04-03T18:35:33", "description": "This host is running Oracle MySQL and is\n prone to an unspecified vulnerability.", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "openvas", "title": "Oracle Mysql Security Updates (jan2017-2881727) 04 - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3243"], "modified": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562310809870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809870", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Mysql Security Updates (jan2017-2881727) 04 - Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809870\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_cve_id(\"CVE-2017-3243\");\n script_bugtraq_id(95538);\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-18 18:37:28 +0530 (Wed, 18 Jan 2017)\");\n script_name(\"Oracle Mysql Security Updates (jan2017-2881727) 04 - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to an unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an unspecified\n error in sub component 'Server: Charsets'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote to have some unspecified impact on\n availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL version 5.5.53 and\n earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_app_port_from_list(cpe_list:cpe_list))\n exit(0);\n\ncpe = infos[\"cpe\"];\nport = infos[\"port\"];\n\nif(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^5\\.\")\n{\n if(version_in_range(version:vers, test_version:\"5.5\", test_version2:\"5.5.53\"))\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Apply the patch\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-21T22:08:51", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3767-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 19, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 \n CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 \n CVE-2017-3317 CVE-2017-3318\nDebian Bug : 851233\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.54, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\n http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.54-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T20:31:53", "type": "debian", "title": "[SECURITY] [DSA 3767-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2017-01-19T20:31:53", "id": "DEBIAN:DSA-3767-1:3D6FE", "href": "https://lists.debian.org/debian-security-announce/2017/msg00018.html", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-12-26T04:34:52", "description": "Package : mysql-5.5\nVersion : 5.5.54-0+deb7u1\nCVE ID : CVE-2017-3238 CVE-2017-3243 CVE-2017-3244\n CVE-2017-3258 CVE-2017-3265 CVE-2017-3291\n CVE-2017-3312 CVE-2017-3313 CVE-2017-3317\n CVE-2017-3318\nDebian Bug : 851233\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.54, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.54-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-25T01:53:37", "type": "debian", "title": "[SECURITY] [DLA 797-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2017-01-25T01:53:37", "id": "DEBIAN:DLA-797-1:FF9CF", "href": "https://lists.debian.org/debian-lts-announce/2017/01/msg00032.html", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3767-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 19, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 \n CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 \n CVE-2017-3317 CVE-2017-3318\nDebian Bug : 851233\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.54, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\n http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.54-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T20:31:53", "type": "debian", "title": "[SECURITY] [DSA 3767-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2017-01-19T20:31:53", "id": "DEBIAN:DSA-3767-1:1860D", "href": "https://lists.debian.org/debian-security-announce/2017/msg00018.html", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-10-23T21:40:15", "description": "Package : mysql-5.5\nVersion : 5.5.54-0+deb7u1\nCVE ID : CVE-2017-3238 CVE-2017-3243 CVE-2017-3244\n CVE-2017-3258 CVE-2017-3265 CVE-2017-3291\n CVE-2017-3312 CVE-2017-3313 CVE-2017-3317\n CVE-2017-3318\nDebian Bug : 851233\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.54, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.54-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-25T01:53:37", "type": "debian", "title": "[SECURITY] [DLA 797-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2017-01-25T01:53:37", "id": "DEBIAN:DLA-797-1:D4F63", "href": "https://lists.debian.org/debian-lts-announce/2017/01/msg00032.html", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2022-02-19T00:20:33", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3770-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 22, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244\n CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291\n CVE-2017-3312 CVE-2017-3317 CVE-2017-3318\nDebian Bug : 842895 851755\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.29. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.29-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-01-22T12:30:50", "type": "debian", "title": "[SECURITY] [DSA 3770-1] mariadb-10.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2017-01-22T12:30:50", "id": "DEBIAN:DSA-3770-1:8F221", "href": "https://lists.debian.org/debian-security-announce/2017/msg00021.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T22:08:54", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3770-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 22, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244\n CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291\n CVE-2017-3312 CVE-2017-3317 CVE-2017-3318\nDebian Bug : 842895 851755\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.29. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.29-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-01-22T12:30:50", "type": "debian", "title": "[SECURITY] [DSA 3770-1] mariadb-10.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2017-01-22T12:30:50", "id": "DEBIAN:DSA-3770-1:14619", "href": "https://lists.debian.org/debian-security-announce/2017/msg00021.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T00:14:46", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3944-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\n CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10031-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10032-release-notes/\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 10.0.32-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-08-17T06:17:35", "type": "debian", "title": "[SECURITY] [DSA 3944-1] mariadb-10.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "modified": "2017-08-17T06:17:35", "id": "DEBIAN:DSA-3944-1:A4058", "href": "https://lists.debian.org/debian-security-announce/2017/msg00206.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T21:56:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3944-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\n CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10031-release-notes/\n https://mariadb.com/kb/en/mariadb/mariadb-10032-release-notes/\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 10.0.32-0+deb8u1.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-08-17T06:17:35", "type": "debian", "title": "[SECURITY] [DSA 3944-1] mariadb-10.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "modified": "2017-08-17T06:17:35", "id": "DEBIAN:DSA-3944-1:135E3", "href": "https://lists.debian.org/debian-security-announce/2017/msg00206.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:19:17", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3834-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309\n CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461\n CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600\nDebian Bug : 854713 860544\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html\n http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.55-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-04-25T15:15:11", "type": "debian", "title": "[SECURITY] [DSA 3834-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3302", "CVE-2017-3305", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3600"], "modified": "2017-04-25T15:15:11", "id": "DEBIAN:DSA-3834-1:6C276", "href": "https://lists.debian.org/debian-security-announce/2017/msg00093.html", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2021-10-21T22:03:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3834-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309\n CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461\n CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600\nDebian Bug : 854713 860544\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html\n http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.5.55-0+deb8u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-04-25T15:15:11", "type": "debian", "title": "[SECURITY] [DSA 3834-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3302", "CVE-2017-3305", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3600"], "modified": "2017-04-25T15:15:11", "id": "DEBIAN:DSA-3834-1:D953A", "href": "https://lists.debian.org/debian-security-announce/2017/msg00093.html", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2021-10-22T13:38:27", "description": "Package : mysql-5.5\nVersion : 5.5.55-0+deb7u1\nCVE ID : CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308\n CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456\n CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464\n CVE-2017-3600\nDebian Bug : 854713 860544\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html\n http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.55-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-04-25T20:47:46", "type": "debian", "title": "[SECURITY] [DLA 916-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5483", "CVE-2017-3302", "CVE-2017-3305", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3600"], "modified": "2017-04-25T20:47:46", "id": "DEBIAN:DLA-916-1:521BE", "href": "https://lists.debian.org/debian-lts-announce/2017/04/msg00035.html", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2022-01-03T04:52:06", "description": "Package : mysql-5.5\nVersion : 5.5.55-0+deb7u1\nCVE ID : CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308\n CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456\n CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464\n CVE-2017-3600\nDebian Bug : 854713 860544\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html\n http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.5.55-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-04-25T20:47:46", "type": "debian", "title": "[SECURITY] [DLA 916-1] mysql-5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5483", "CVE-2017-3302", "CVE-2017-3305", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3329", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3600"], "modified": "2017-04-25T20:47:46", "id": "DEBIAN:DLA-916-1:476AB", "href": "https://lists.debian.org/debian-lts-announce/2017/04/msg00035.html", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2021-08-19T12:38:50", "description": "The version of MySQL running on the remote host is 5.5.x prior to 5.5.54. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238)\n\n - An unspecified flaw exists in the Charsets subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3243)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265)\n\n - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318)\n\n - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the 'rm' and 'chown' commands. A local attacker can exploit this to gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component that allows an authenticated, remote attacker to have an unspecified impact.\n\n - An overflow condition exists in the Optimizer component due to improper validation of user-supplied input when handling nested expressions. An authenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE query with a DATA DIRECTORY clause. An authenticated, remote attacker can exploit this to gain elevated privileges.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_5_54.NASL", "href": "https://www.tenable.com/plugins/nessus/95876", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95876);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-3238\",\n \"CVE-2017-3243\",\n \"CVE-2017-3244\",\n \"CVE-2017-3258\",\n \"CVE-2017-3265\",\n \"CVE-2017-3291\",\n \"CVE-2017-3312\",\n \"CVE-2017-3313\",\n \"CVE-2017-3317\",\n \"CVE-2017-3318\"\n );\n script_bugtraq_id(\n 95491,\n 95501,\n 95520,\n 95527,\n 95538,\n 95560,\n 95565,\n 95571,\n 95585,\n 95588\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.54. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3238)\n\n - An unspecified flaw exists in the Charsets subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2017-3243)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent\n that allows a local attacker to impact confidentiality\n and availability. (CVE-2017-3265)\n\n - Multiple unspecified flaws exist in the Packaging\n subcomponent that allow a local attacker to gain\n elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent\n that allows a local attacker to cause a denial of\n service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to disclose\n sensitive information. (CVE-2017-3318)\n\n - A local privilege escalation vulnerability exists in the\n mysqld_safe component due to unsafe use of the 'rm' and\n 'chown' commands. A local attacker can exploit this to\n gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component\n that allows an authenticated, remote attacker to have an\n unspecified impact.\n\n - An overflow condition exists in the Optimizer component\n due to improper validation of user-supplied input when\n handling nested expressions. An authenticated, remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE\n query with a DATA DIRECTORY clause. An authenticated,\n remote attacker can exploit this to gain elevated\n privileges.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a1c38e52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.5.54', min:'5.5', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:13", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.54, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727 .html\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 5.5.54-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "Debian DLA-797-1 : mysql-5.5 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libmysqlclient-dev", "p-cpe:/a:debian:debian_linux:libmysqlclient18", "p-cpe:/a:debian:debian_linux:libmysqld-dev", "p-cpe:/a:debian:debian_linux:libmysqld-pic", "p-cpe:/a:debian:debian_linux:mysql-client", "p-cpe:/a:debian:debian_linux:mysql-client-5.5", "p-cpe:/a:debian:debian_linux:mysql-common", "p-cpe:/a:debian:debian_linux:mysql-server", "p-cpe:/a:debian:debian_linux:mysql-server-5.5", "p-cpe:/a:debian:debian_linux:mysql-server-core-5.5", "p-cpe:/a:debian:debian_linux:mysql-source-5.5", "p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-797.NASL", "href": "https://www.tenable.com/plugins/nessus/96732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-797-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96732);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n\n script_name(english:\"Debian DLA-797-1 : mysql-5.5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.54, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727\n.html\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.5.54-0+deb7u1.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10084381\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysqld-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-client-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-server-core-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-source-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-testsuite-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.54-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.54-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:54", "description": "The version of MySQL running on the remote host is 5.5.x prior to 5.5.54. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238)\n\n - An unspecified flaw exists in the Charsets subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3243)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265)\n\n - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318)\n\n - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the 'rm' and 'chown' commands. A local attacker can exploit this to gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component that allows an authenticated, remote attacker to have an unspecified impact.\n\n - An overflow condition exists in the Optimizer component due to improper validation of user-supplied input when handling nested expressions. An authenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE query with a DATA DIRECTORY clause. An authenticated, remote attacker can exploit this to gain elevated privileges.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_5_54_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/95877", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95877);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2017-3238\",\n \"CVE-2017-3243\",\n \"CVE-2017-3244\",\n \"CVE-2017-3258\",\n \"CVE-2017-3265\",\n \"CVE-2017-3291\",\n \"CVE-2017-3312\",\n \"CVE-2017-3313\",\n \"CVE-2017-3317\",\n \"CVE-2017-3318\"\n );\n script_bugtraq_id(\n 95491,\n 95501,\n 95520,\n 95527,\n 95538,\n 95560,\n 95565,\n 95571,\n 95585,\n 95588\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.54. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3238)\n\n - An unspecified flaw exists in the Charsets subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2017-3243)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent\n that allows a local attacker to impact confidentiality\n and availability. (CVE-2017-3265)\n\n - Multiple unspecified flaws exist in the Packaging\n subcomponent that allow a local attacker to gain\n elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent\n that allows a local attacker to cause a denial of\n service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to disclose\n sensitive information. (CVE-2017-3318)\n\n - A local privilege escalation vulnerability exists in the\n mysqld_safe component due to unsafe use of the 'rm' and\n 'chown' commands. A local attacker can exploit this to\n gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component\n that allows an authenticated, remote attacker to have an\n unspecified impact.\n\n - An overflow condition exists in the Optimizer component\n due to improper validation of user-supplied input when\n handling nested expressions. An authenticated, remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE\n query with a DATA DIRECTORY clause. An authenticated,\n remote attacker can exploit this to gain elevated\n privileges.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2219938.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?092fb681\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?724b555f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.5.54\";\nexists_version = \"5.5\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:13", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.54, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :\n\n - https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -54.html\n - http://www.oracle.com/technetwork/security-advisory/cpuj an2017-2881727.html", "cvss3": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "Debian DSA-3767-1 : mysql-5.5 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-5.5", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3767.NASL", "href": "https://www.tenable.com/plugins/nessus/96638", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3767. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96638);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_xref(name:\"DSA\", value:\"3767\");\n\n script_name(english:\"Debian DSA-3767-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.54, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -54.html\n -\n http://www.oracle.com/technetwork/security-advisory/cpuj\n an2017-2881727.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10084381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3767\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.5.54-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqlclient18\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-dev\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmysqld-pic\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-common\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite\", reference:\"5.5.54-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.54-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-09-14T02:51:11", "description": "**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly enabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly enabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : 3:mariadb (2017-09dd8907da)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3313", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-09DD8907DA.NASL", "href": "https://www.tenable.com/plugins/nessus/101568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-09dd8907da.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101568);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3313\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n script_xref(name:\"FEDORA\", value:\"2017-09dd8907da\");\n\n script_name(english:\"Fedora 26 : 3:mariadb (2017-09dd8907da)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-09dd8907da\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mariadb-10.1.24-3.fc26\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-09-14T02:50:48", "description": "**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly enabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly enabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-06-22T00:00:00", "type": "nessus", "title": "Fedora 24 : 3:mariadb (2017-8425f676f2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3313", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-8425F676F2.NASL", "href": "https://www.tenable.com/plugins/nessus/100972", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-8425f676f2.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100972);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3313\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n script_xref(name:\"FEDORA\", value:\"2017-8425f676f2\");\n\n script_name(english:\"Fedora 24 : 3:mariadb (2017-8425f676f2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8425f676f2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"mariadb-10.1.24-3.fc24\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-09-14T02:51:30", "description": "**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly enabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly enabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe now.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-06-19T00:00:00", "type": "nessus", "title": "Fedora 25 : 3:mariadb (2017-2c0609b92a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3313", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mariadb", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-2C0609B92A.NASL", "href": "https://www.tenable.com/plugins/nessus/100857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-2c0609b92a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100857);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3313\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n script_xref(name:\"FEDORA\", value:\"2017-2c0609b92a\");\n\n script_name(english:\"Fedora 25 : 3:mariadb (2017-2c0609b92a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24**\n\nPlugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled\nBuild dependecies Bison and Libarchive added, others corrected\nDisabling Mroonga engine for i686 architecture, as it is not supported\nby MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\n**Aditional bugs solved:**\n\n#1459671: mariadb fails to start with tokudb; jemalloc not correctly\nenabled\n\n----\n\n**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled\nSphinx engine enabled Build dependecies Bison and Libarchive added,\nothers corrected Disabling Mroonga engine for i686 architecture, as it\nis not supported by MariaDB\n\n**Removed patches: (fixed by upstream)**\n\nPatch5: %{pkgnamepatch}-file-contents.patch Patch14:\n%{pkgnamepatch}-example-config-files.patch Patch31:\n%{pkgnamepatch}-string-overflow.patch Patch32:\n%{pkgnamepatch}-basedir.patch Patch41:\n%{pkgnamepatch}-galera-new-cluster-help.patch\n\n**CVEs fix**\n\nCVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456\nCVE-2017-3464\n\n**Testsuite**\n\nEnabled '--big-test' option for the testsuite Disabled '--skip-rpl'\noption for the testsuite = replication tests enabled\n\n**Warning**\n\nSome Spider tests started to fail, the engine can be probabbly unsafe\nnow.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c0609b92a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mariadb-10.1.24-3.fc25\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mariadb\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-13T14:22:06", "description": "This mysql version update to 5.5.54 fixes the following issues :\n\n - CVE-2017-3318: Unspecified vulnerability affecting Error Handling (bsc#1020896)\n\n - CVE-2017-3317: Unspecified vulnerability affecting Logging (bsc#1020894)\n\n - CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component (bsc#1020890)\n\n - CVE-2017-3312: Insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: Unrestricted mysqld_safe's ledir (bsc#1020884)\n\n - CVE-2017-3265: Unsafe chmod/chown use in init script (bsc#1020885)\n\n - CVE-2017-3258: Unspecified vulnerability in the DDL component (bsc#1020875)\n\n - CVE-2017-3244: Unspecified vulnerability affecing the DML component (bsc#1020877)\n\n - CVE-2017-3243: Unspecified vulnerability affecting the Charsets component (bsc#1020891)\n\n - CVE-2017-3238: Unspecified vulnerability affecting the Optimizer component (bsc#1020882)\n\n - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) Release Notes:\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5- 54.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-07T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : mysql (SUSE-SU-2017:0408-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysql55client18", "p-cpe:/a:novell:suse_linux:libmysql55client_r18", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:novell:suse_linux:mysql-client", "p-cpe:/a:novell:suse_linux:mysql-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0408-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0408-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97046);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n\n script_name(english:\"SUSE SLES11 Security Update : mysql (SUSE-SU-2017:0408-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mysql version update to 5.5.54 fixes the following issues :\n\n - CVE-2017-3318: Unspecified vulnerability affecting Error\n Handling (bsc#1020896)\n\n - CVE-2017-3317: Unspecified vulnerability affecting\n Logging (bsc#1020894)\n\n - CVE-2017-3313: Unspecified vulnerability affecting the\n MyISAM component (bsc#1020890)\n\n - CVE-2017-3312: Insecure error log file handling in\n mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: Unrestricted mysqld_safe's ledir\n (bsc#1020884)\n\n - CVE-2017-3265: Unsafe chmod/chown use in init script\n (bsc#1020885)\n\n - CVE-2017-3258: Unspecified vulnerability in the DDL\n component (bsc#1020875)\n\n - CVE-2017-3244: Unspecified vulnerability affecing the\n DML component (bsc#1020877)\n\n - CVE-2017-3243: Unspecified vulnerability affecting the\n Charsets component (bsc#1020891)\n\n - CVE-2017-3238: Unspecified vulnerability affecting the\n Optimizer component (bsc#1020882)\n\n - Applications using the client library for MySQL\n (libmysqlclient.so) had a use-after-free issue that\n could cause the applications to crash (bsc#1022428)\n Release Notes:\n http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-\n 54.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3238/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3244/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3258/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3313/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3318/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170408-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f341f135\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-mysql-12971=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-mysql-12971=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-mysql-12971=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-mysql-12971=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mysql-12971=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-mysql-12971=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-mysql-12971=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mysql-12971=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-mysql-12971=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysql55client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libmysql55client_r18-32bit-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libmysql55client_r18-32bit-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client18-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libmysql55client_r18-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-client-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mysql-tools-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysql55client18-32bit-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libmysql55client18-32bit-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libmysql55client18-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libmysql55client_r18-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-client-5.5.54-0.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mysql-tools-5.5.54-0.35.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:32:00", "description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.56). (BZ#1458933)\n\nSecurity Fix(es) :\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n* A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient.\n(CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "CentOS 7 : mariadb (CESA-2017:2192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5483", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3651"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mariadb", "p-cpe:/a:centos:centos:mariadb-bench", "p-cpe:/a:centos:centos:mariadb-devel", "p-cpe:/a:centos:centos:mariadb-embedded", "p-cpe:/a:centos:centos:mariadb-embedded-devel", "p-cpe:/a:centos:centos:mariadb-libs", "p-cpe:/a:centos:centos:mariadb-server", "p-cpe:/a:centos:centos:mariadb-test", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2192.NASL", "href": "https://www.tenable.com/plugins/nessus/102755", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2192 and \n# CentOS Errata and Security Advisory 2017:2192 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102755);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5483\", \"CVE-2016-5617\", \"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3302\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3600\", \"CVE-2017-3651\");\n script_xref(name:\"RHSA\", value:\"2017:2192\");\n\n script_name(english:\"CentOS 7 : mariadb (CESA-2017:2192)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.56). (BZ#1458933)\n\nSecurity Fix(es) :\n\n* It was discovered that the mysql and mysqldump tools did not\ncorrectly handle database and table names containing newline\ncharacters. A database user with privileges to create databases or\ntables could cause the mysql command to execute arbitrary shell or SQL\ncommands while restoring database backup created using the mysqldump\ntool. (CVE-2016-5483, CVE-2017-3600)\n\n* A flaw was found in the way the mysqld_safe script handled creation\nof error log file. The mysql operating system user could use this flaw\nto escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled\ninitialization of the database data directory and permission setting\non the error log file. The mysql operating system user could use these\nflaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir\noption value set in a MySQL configuration file. A user able to modify\none of the MySQL configuration files could use this flaw to escalate\ntheir privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled\ncreation of error log file. The mysql operating system user could use\nthese flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient)\nhandled prepared statements when server connection was lost. A\nmalicious server or a man-in-the-middle attacker could possibly use\nthis flaw to crash an application using libmysqlclient.\n(CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258,\nCVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317,\nCVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004369.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bf505b4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6664\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.56-2.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:32:47", "description": "From Red Hat Security Advisory 2017:2192 :\n\nAn update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.56). (BZ#1458933)\n\nSecurity Fix(es) :\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n* A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient.\n(CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : mariadb (ELSA-2017-2192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5483", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3651"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-bench", "p-cpe:/a:oracle:linux:mariadb-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-libs", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-test", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2192.NASL", "href": "https://www.tenable.com/plugins/nessus/102299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2192 and \n# Oracle Linux Security Advisory ELSA-2017-2192 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102299);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5483\", \"CVE-2016-5617\", \"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3302\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3600\", \"CVE-2017-3651\");\n script_xref(name:\"RHSA\", value:\"2017:2192\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2017-2192)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2192 :\n\nAn update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.56). (BZ#1458933)\n\nSecurity Fix(es) :\n\n* It was discovered that the mysql and mysqldump tools did not\ncorrectly handle database and table names containing newline\ncharacters. A database user with privileges to create databases or\ntables could cause the mysql command to execute arbitrary shell or SQL\ncommands while restoring database backup created using the mysqldump\ntool. (CVE-2016-5483, CVE-2017-3600)\n\n* A flaw was found in the way the mysqld_safe script handled creation\nof error log file. The mysql operating system user could use this flaw\nto escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled\ninitialization of the database data directory and permission setting\non the error log file. The mysql operating system user could use these\nflaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir\noption value set in a MySQL configuration file. A user able to modify\none of the MySQL configuration files could use this flaw to escalate\ntheir privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled\ncreation of error log file. The mysql operating system user could use\nthese flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient)\nhandled prepared statements when server connection was lost. A\nmalicious server or a man-in-the-middle attacker could possibly use\nthis flaw to crash an application using libmysqlclient.\n(CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258,\nCVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317,\nCVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007090.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.56-2.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:33:40", "description": "According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n - A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n - Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file.\n The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n - It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n - Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n - A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient.\n (CVE-2017-3302)\n\n - This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5483", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3651"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-embedded", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "p-cpe:/a:huawei:euleros:mariadb-test", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1169.NASL", "href": "https://www.tenable.com/plugins/nessus/103007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103007);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5483\",\n \"CVE-2016-5617\",\n \"CVE-2016-6664\",\n \"CVE-2017-3238\",\n \"CVE-2017-3243\",\n \"CVE-2017-3244\",\n \"CVE-2017-3258\",\n \"CVE-2017-3265\",\n \"CVE-2017-3291\",\n \"CVE-2017-3302\",\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3312\",\n \"CVE-2017-3313\",\n \"CVE-2017-3317\",\n \"CVE-2017-3318\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3464\",\n \"CVE-2017-3600\",\n \"CVE-2017-3651\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the mysql and mysqldump tools\n did not correctly handle database and table names\n containing newline characters. A database user with\n privileges to create databases or tables could cause\n the mysql command to execute arbitrary shell or SQL\n commands while restoring database backup created using\n the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n - A flaw was found in the way the mysqld_safe script\n handled creation of error log file. The mysql operating\n system user could use this flaw to escalate their\n privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n - Multiple flaws were found in the way the MySQL init\n script handled initialization of the database data\n directory and permission setting on the error log file.\n The mysql operating system user could use these flaws\n to escalate their privileges to root. (CVE-2017-3265)\n\n - It was discovered that the mysqld_safe script honored\n the ledir option value set in a MySQL configuration\n file. A user able to modify one of the MySQL\n configuration files could use this flaw to escalate\n their privileges to root. (CVE-2017-3291)\n\n - Multiple flaws were found in the way the mysqld_safe\n script handled creation of error log file. The mysql\n operating system user could use these flaws to escalate\n their privileges to root. (CVE-2017-3312)\n\n - A flaw was found in the way MySQL client library\n (libmysqlclient) handled prepared statements when\n server connection was lost. A malicious server or a\n man-in-the-middle attacker could possibly use this flaw\n to crash an application using libmysqlclient.\n (CVE-2017-3302)\n\n - This update fixes several vulnerabilities in the\n MariaDB database server. Information about these flaws\n can be found on the Oracle Critical Patch Update\n Advisory page, listed in the References section.\n (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244,\n CVE-2017-3258, CVE-2017-3308, CVE-2017-3309,\n CVE-2017-3313, CVE-2017-3317, CVE-2017-3318,\n CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1169\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c88bd5d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.56-2\",\n \"mariadb-bench-5.5.56-2\",\n \"mariadb-devel-5.5.56-2\",\n \"mariadb-embedded-5.5.56-2\",\n \"mariadb-libs-5.5.56-2\",\n \"mariadb-server-5.5.56-2\",\n \"mariadb-test-5.5.56-2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:33:51", "description": "According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n - A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n - Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file.\n The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n - It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n - Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n - A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient.\n (CVE-2017-3302)\n\n - This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5483", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3651"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "p-cpe:/a:huawei:euleros:mariadb-test", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1170.NASL", "href": "https://www.tenable.com/plugins/nessus/103008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103008);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5483\",\n \"CVE-2016-5617\",\n \"CVE-2016-6664\",\n \"CVE-2017-3238\",\n \"CVE-2017-3243\",\n \"CVE-2017-3244\",\n \"CVE-2017-3258\",\n \"CVE-2017-3265\",\n \"CVE-2017-3291\",\n \"CVE-2017-3302\",\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3312\",\n \"CVE-2017-3313\",\n \"CVE-2017-3317\",\n \"CVE-2017-3318\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3464\",\n \"CVE-2017-3600\",\n \"CVE-2017-3651\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the mysql and mysqldump tools\n did not correctly handle database and table names\n containing newline characters. A database user with\n privileges to create databases or tables could cause\n the mysql command to execute arbitrary shell or SQL\n commands while restoring database backup created using\n the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n - A flaw was found in the way the mysqld_safe script\n handled creation of error log file. The mysql operating\n system user could use this flaw to escalate their\n privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n - Multiple flaws were found in the way the MySQL init\n script handled initialization of the database data\n directory and permission setting on the error log file.\n The mysql operating system user could use these flaws\n to escalate their privileges to root. (CVE-2017-3265)\n\n - It was discovered that the mysqld_safe script honored\n the ledir option value set in a MySQL configuration\n file. A user able to modify one of the MySQL\n configuration files could use this flaw to escalate\n their privileges to root. (CVE-2017-3291)\n\n - Multiple flaws were found in the way the mysqld_safe\n script handled creation of error log file. The mysql\n operating system user could use these flaws to escalate\n their privileges to root. (CVE-2017-3312)\n\n - A flaw was found in the way MySQL client library\n (libmysqlclient) handled prepared statements when\n server connection was lost. A malicious server or a\n man-in-the-middle attacker could possibly use this flaw\n to crash an application using libmysqlclient.\n (CVE-2017-3302)\n\n - This update fixes several vulnerabilities in the\n MariaDB database server. Information about these flaws\n can be found on the Oracle Critical Patch Update\n Advisory page, listed in the References section.\n (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244,\n CVE-2017-3258, CVE-2017-3308, CVE-2017-3309,\n CVE-2017-3313, CVE-2017-3317, CVE-2017-3318,\n CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1170\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7503a7b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.56-2\",\n \"mariadb-bench-5.5.56-2\",\n \"mariadb-devel-5.5.56-2\",\n \"mariadb-libs-5.5.56-2\",\n \"mariadb-server-5.5.56-2\",\n \"mariadb-test-5.5.56-2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:32:47", "description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.56). (BZ#1458933)\n\nSecurity Fix(es) :\n\n* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n* A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient.\n(CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : mariadb (RHSA-2017:2192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5483", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3600", "CVE-2017-3651"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-bench", "p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-test", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2192.NASL", "href": "https://www.tenable.com/plugins/nessus/102152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2192. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102152);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-5483\", \"CVE-2016-5617\", \"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3302\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3600\", \"CVE-2017-3651\");\n script_xref(name:\"RHSA\", value:\"2017:2192\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2017:2192)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version:\nmariadb (5.5.56). (BZ#1458933)\n\nSecurity Fix(es) :\n\n* It was discovered that the mysql and mysqldump tools did not\ncorrectly handle database and table names containing newline\ncharacters. A database user with privileges to create databases or\ntables could cause the mysql command to execute arbitrary shell or SQL\ncommands while restoring database backup created using the mysqldump\ntool. (CVE-2016-5483, CVE-2017-3600)\n\n* A flaw was found in the way the mysqld_safe script handled creation\nof error log file. The mysql operating system user could use this flaw\nto escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n* Multiple flaws were found in the way the MySQL init script handled\ninitialization of the database data directory and permission setting\non the error log file. The mysql operating system user could use these\nflaws to escalate their privileges to root. (CVE-2017-3265)\n\n* It was discovered that the mysqld_safe script honored the ledir\noption value set in a MySQL configuration file. A user able to modify\none of the MySQL configuration files could use this flaw to escalate\ntheir privileges to root. (CVE-2017-3291)\n\n* Multiple flaws were found in the way the mysqld_safe script handled\ncreation of error log file. The mysql operating system user could use\nthese flaws to escalate their privileges to root. (CVE-2017-3312)\n\n* A flaw was found in the way MySQL client library (libmysqlclient)\nhandled prepared statements when server connection was lost. A\nmalicious server or a man-in-the-middle attacker could possibly use\nthis flaw to crash an application using libmysqlclient.\n(CVE-2017-3302)\n\n* This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258,\nCVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317,\nCVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5553-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5553-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5554-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5554-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5555-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5555-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5556-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5556-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3651\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2192\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-bench-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-test-5.5.56-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.56-2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:33:03", "description": "The following packages have been upgraded to a later upstream version:\nmariadb (5.5.56).\n\nSecurity Fix(es) :\n\n - It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)\n\n - A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n - Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file.\n The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)\n\n - It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)\n\n - Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)\n\n - A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient.\n (CVE-2017-3302)\n\n(CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64 (20170801)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5483", "CVE-2016-5617", "CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3600"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:mariadb", "p-cpe:/a:fermilab:scientific_linux:mariadb-bench", "p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo", "p-cpe:/a:fermilab:scientific_linux:mariadb-devel", "p-cpe:/a:fermilab:scientific_linux:mariadb-embedded", "p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel", "p-cpe:/a:fermilab:scientific_linux:mariadb-libs", "p-cpe:/a:fermilab:scientific_linux:mariadb-server", "p-cpe:/a:fermilab:scientific_linux:mariadb-test", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170801_MARIADB_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/102648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102648);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5483\", \"CVE-2016-5617\", \"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3302\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3600\");\n\n script_name(english:\"Scientific Linux Security Update : mariadb on SL7.x x86_64 (20170801)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a later upstream version:\nmariadb (5.5.56).\n\nSecurity Fix(es) :\n\n - It was discovered that the mysql and mysqldump tools did\n not correctly handle database and table names containing\n newline characters. A database user with privileges to\n create databases or tables could cause the mysql command\n to execute arbitrary shell or SQL commands while\n restoring database backup created using the mysqldump\n tool. (CVE-2016-5483, CVE-2017-3600)\n\n - A flaw was found in the way the mysqld_safe script\n handled creation of error log file. The mysql operating\n system user could use this flaw to escalate their\n privileges to root. (CVE-2016-5617, CVE-2016-6664)\n\n - Multiple flaws were found in the way the MySQL init\n script handled initialization of the database data\n directory and permission setting on the error log file.\n The mysql operating system user could use these flaws to\n escalate their privileges to root. (CVE-2017-3265)\n\n - It was discovered that the mysqld_safe script honored\n the ledir option value set in a MySQL configuration\n file. A user able to modify one of the MySQL\n configuration files could use this flaw to escalate\n their privileges to root. (CVE-2017-3291)\n\n - Multiple flaws were found in the way the mysqld_safe\n script handled creation of error log file. The mysql\n operating system user could use these flaws to escalate\n their privileges to root. (CVE-2017-3312)\n\n - A flaw was found in the way MySQL client library\n (libmysqlclient) handled prepared statements when server\n connection was lost. A malicious server or a\n man-in-the-middle attacker could possibly use this flaw\n to crash an application using libmysqlclient.\n (CVE-2017-3302)\n\n(CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258,\nCVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317,\nCVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=14039\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61a09e21\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.56-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.56-2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:56", "description": "The version of MariaDB installed on the remote host is 10.0.x prior to 10.0.29, and is affected by multiple vulnerabilities :\n\n - A flaw exists in the 'check_duplicate_key()' function that is triggered during the handling of error messages. This may allow an authenticated attacker to crash the database. Depending on the database's implementation, it varies if this vulnerability requires authenticated access (e.g. daily DBA duties) or may be exploited by a remote attacker (e.g. interfaced via a web application).\n - A flaw exists in the 'JOIN::destroy()' function in 'sql/sql_select.cc' that is triggered during the handling of a specially crafted query. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'date_add_interval()' function in 'sql/sql_time.cc' that is triggered during the handling of INTERVAL arguments. This may allow an authenticated attacker to crash the database.\n - A flaw exists in 'sql/item_subselect.cc' that is triggered during the handling of queries from the select/unit tree. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'Item::check_well_formed_result()' function in 'sql/item.cc' that is triggered during the handling of row validation. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'lex_one_token()' function in 'sql/sql_lex.cc' that is triggered during the handling of a specially crafted query. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'merge_buffers()' function in 'sql/filesort.cc' that is triggered during the handling of 'sort_union' optimization. This may allow an authenticated attacker to crash the database. \n - A flaw exists in the 'Item_cache::safe_charset_converter()' function in 'sql/item.cc' that is triggered during the handling of a specially crafted subselect query item. This may allow an authenticated attacker to crash the database.\n - A flaw exists in 'scripts/mysqld_safe.sh' related to insecure use of certain shell utilities e.g. chown and rm when handling error log files. This may allow a local attacker via a symlink attack to gain 'root' privileges.\n - An unspecified flaw exists related to the DDL subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the 'Server:Optimizer' subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - A flaw exists in 'scripts/mysqld_safe.sh' related to handling of the '--ledir' command line option used to specify the directory where mysqld is stored, as this value may be read from the configuration file. This may allow a local attacker to gain elevated privileges.\n - A flaw exists in the 'packaging/rpm-oel/mysql.init' initialization script related to insecure use of the chown and chmod utilities. This may allow a local attacker to potentially gain 'root' privileges.\n - An unspecified flaw exists related to the Logging subcomponent. This may allow a local attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the Error Handling subcomponent. This may allow a local attacker to gain access to sensitive information. No further details have been provided by the vendor.\n - A flaw exists in the 'handle_if_exists_options()' function in 'sql/sql_table.cc' that is triggered during the handling of a specially crafted 'ADD FOREIGN KEY' statements. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'handle_if_exists_options()' function in 'sql/sql_table.cc' that is triggered due to missing foreign keys in a second 'ALTER TABLE' statement. This may allow an authenticated attacker to crash the database.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-26T00:00:00", "type": "nessus", "title": "MariaDB Server 10.0.x < 10.0.29 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"], "id": "9912.PRM", "href": "https://www.tenable.com/plugins/nnm/9912", "sourceData": "Binary data 9912.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:37:56", "description": "MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 5.5.x earlier than 5.5.54, and is therefore affected by multiple vulnerabilities :\n\n - A flaw exists in 'scripts/mysqld_safe.sh' that is triggered when handling arguments to 'malloc-lib'. This may allow a local attacker to potentially gain elevated privileges.\n - A flaw exists in 'sql/item_subselect.cc' that is triggered during the handling of queries from the select/unit tree. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'Item::check_well_formed_result()' function in 'sql/item.cc' that is triggered during the handling of row validation. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'Rpl_filter::parse_filter_rule()' function in 'sql/rpl_filter.cc' that is triggered during the clearing of wildcards. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'lex_one_token()' function in 'sql/sql_lex.cc' that is triggered during the handling of a specially crafted query. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'merge_buffers()' function in 'sql/filesort.cc' that is triggered during the handling of 'sort_union' optimization. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'Item_cache::safe_charset_converter()' function in 'sql/item.cc' that is triggered during the handling of a specially crafted subselect query item. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'st_select_lex::is_merged_child_of()' function in 'sql/sql_lex.cc' that is triggered when handling merged views or derived tables. This may allow an authenticated attacker to crash the database.\n - A flaw exists in 'sql/item.cc' that is triggered during the handling of a specially crafted subquery. This may allow an authenticated attacker to crash the database.\n - A flaw exists in 'scripts/mysqld_safe.sh' related to insecure use of certain shell utilities e.g. chown and rm when handling error log files. This may allow a local attacker via a symlink attack to gain 'root' privileges.\n - An unspecified flaw exists related to the DDL subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the 'Server:Optimizer' subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - A flaw exists in 'scripts/mysqld_safe.sh' related to handling of the '--ledir' command line option used to specify the directory where mysqld is stored, as this value may be read from the configuration file. This may allow a local attacker to gain elevated privileges.\n - A flaw exists in the 'packaging/rpm-oel/mysql.init' initialization script related to insecure use of the chown and chmod utilities. This may allow a local attacker to potentially gain 'root' privileges.\n - An unspecified flaw exists related to the Logging subcomponent. This may allow a local attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the Error Handling subcomponent. This may allow a local attacker to gain access to sensitive information. No further details have been provided by the vendor.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-26T00:00:00", "type": "nessus", "title": "MariaDB Server 5.5.x < 5.5.54 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"], "id": "9911.PRM", "href": "https://www.tenable.com/plugins/nnm/9911", "sourceData": "Binary data 9911.prm", "cvss": {"score": 7.2, "vector": "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:56", "description": "MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 10.1.x earlier than 10.1.21, and is therefore affected by multiple vulnerabilities :\n\n - A flaw exists in the 'merge_buffers()' function in 'sql/filesort.cc' that is triggered during the handling of 'sort_union' optimization. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'Item_cache::safe_charset_converter()' function in 'sql/item.cc' that is triggered during the handling of a specially crafted subselect query item. This may allow an authenticated attacker to crash the database.\n - A flaw exists in 'scripts/mysqld_safe.sh' related to insecure use of certain shell utilities e.g. chown and rm when handling error log files. This may allow a local attacker via a symlink attack to gain 'root' privileges.\n - An unspecified flaw exists related to the DDL subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the 'Server:Optimizer' subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.\n - A flaw exists in 'scripts/mysqld_safe.sh' related to handling of the '--ledir' command line option used to specify the directory where mysqld is stored, as this value may be read from the configuration file. This may allow a local attacker to gain elevated privileges.\n - A flaw exists in the 'packaging/rpm-oel/mysql.init' initialization script related to insecure use of the chown and chmod utilities. This may allow a local attacker to potentially gain 'root' privileges.\n - An unspecified flaw exists related to the Logging subcomponent. This may allow a local attacker to cause a denial of service. No further details have been provided by the vendor.\n - An unspecified flaw exists related to the Error Handling subcomponent. This may allow a local attacker to gain access to sensitive information. No further details have been provided by the vendor.\n - An out-of-bounds access flaw exists in the 'Item_partition_func_safe_string()' function in 'sql/item.h' that is triggered during the handling of 'information_schema.processlist' tables. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'Table_triggers_list::prepare_record_accessors()' function in 'sql/sql_trigger.cc' that is triggered during the handling of a specially crafted table. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'handle_if_exists_options()' function in 'sql/sql_table.cc' that is triggered during the handling of a specially crafted 'ADD FOREIGN KEY' statements. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'Item::decimal_precision()' function in 'sql/item.cc' that is triggered during the handling of a 'SELECT' statement in a crafted query. This may allow an authenticated attacker to crash the database.\n - A flaw exists in the 'Field_time::store_TIME_with_warning()' function that is triggered when handling a specially crafted 'INSERT' query. This may allow an authenticated attacker to crash the database.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-26T00:00:00", "type": "nessus", "title": "MariaDB Server 10.1.x < 10.1.21 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"], "id": "9915.PRM", "href": "https://www.tenable.com/plugins/nnm/9915", "sourceData": "Binary data 9915.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-09-14T02:40:59", "description": "The version of MariaDB running on the remote host is prior to 10.0.x prior to 10.0.31, 10.1.x prior to 10.1.23, or 10.2.x prior to 10.2.7. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2017-11-07T00:00:00", "type": "nessus", "title": "MariaDB 10.0.x < 10.0.31 / 10.1.x < 10.1.23 / 10.2.x < 10.2.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_0_31.NASL", "href": "https://www.tenable.com/plugins/nessus/104437", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104437);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3464\"\n );\n script_bugtraq_id(\n 97725,\n 97742,\n 97776,\n 97818,\n 97831\n );\n\n script_name(english:\"MariaDB 10.0.x < 10.0.31 / 10.1.x < 10.1.23 / 10.2.x < 10.2.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is prior to\n10.0.x prior to 10.0.31, 10.1.x prior to 10.1.23, or 10.2.x\nprior to 10.2.7. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10031-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10123-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-1027-changelog/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.0.31 / 10.1.23 / 10.2.7 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/07\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:make_list('10.0.31-MariaDB', '10.1.23-MariaDB', '10.2.7-MariaDB'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-09-14T02:50:21", "description": "This MariaDB update to version 10.0.31 GA fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) Bug fixes :\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service in order to follow the upstream. It also fixes hanging mysql-systemd-helper when mariadb fails (e.g. because of the misconfiguration) (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36 Release notes and changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-04T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:2035-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2035-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102192", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2035-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102192);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:2035-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MariaDB update to version 10.0.31 GA fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715) Bug fixes :\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort'\n in mysql.service in order to follow the upstream. It\n also fixes hanging mysql-systemd-helper when mariadb\n fails (e.g. because of the misconfiguration)\n (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36 Release notes and\n changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963041\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3453/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3456/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3464/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172035-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fd651be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1247=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-1247=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1247=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1247=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1247=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1247=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1247=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1247=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1247=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1247=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1247=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1247=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient-devel-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient_r18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld-devel-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqld18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-tools-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"mariadb-tools-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-tools-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"mariadb-tools-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.31-29.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.31-29.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-09-14T02:50:22", "description": "This MariaDB update to version 10.0.31 GA fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) Bug fixes :\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36 Release notes and changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-04T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:2034-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2034-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102191", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2034-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102191);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:2034-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MariaDB update to version 10.0.31 GA fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715) Bug fixes :\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36 Release notes and\n changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048715\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3453/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3456/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3464/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172034-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef620f42\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-1244=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1244=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient-devel-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient_r18-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld-devel-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.31-20.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-20.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-09-14T02:50:22", "description": "This MariaDB update to version 10.0.31 GA fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)\n\nBug fixes :\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service in order to follow the upstream. It also fixes hanging mysql-systemd-helper when mariadb fails (e.g. because of the misconfiguration) (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36\n\nRelease notes and changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mariadb (openSUSE-2017-902)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-902.NASL", "href": "https://www.tenable.com/plugins/nessus/102338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-902.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102338);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2017-902)\");\n script_summary(english:\"Check for the openSUSE-2017-902 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MariaDB update to version 10.0.31 GA fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-3308: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3456: Subcomponent: Server: DML: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\n - CVE-2017-3464: Subcomponent: Server: DDL: Easily\n 'exploitable' vulnerability allows low privileged\n attacker with network access via multiple protocols to\n compromise MariaDB Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS). (bsc#1048715)\n\nBug fixes :\n\n - switch from 'Restart=on-failure' to 'Restart=on-abort'\n in mysql.service in order to follow the upstream. It\n also fixes hanging mysql-systemd-helper when mariadb\n fails (e.g. because of the misconfiguration)\n (bsc#963041)\n\n - XtraDB updated to 5.6.36-82.0\n\n - TokuDB updated to 5.6.36-82.0\n\n - Innodb updated to 5.6.36\n\n - Performance Schema updated to 5.6.36\n\nRelease notes and changelog :\n\n- https://kb.askmonty.org/en/mariadb-10031-release-notes\n\n- https://kb.askmonty.org/en/mariadb-10031-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963041\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10031-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient-devel-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient18-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient18-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient_r18-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld-devel-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld18-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld18-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-bench-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-bench-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-client-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-client-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-debugsource-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-errormessages-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-test-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-test-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-tools-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-tools-debuginfo-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.31-20.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient-devel-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient18-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient18-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqlclient_r18-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld-devel-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld18-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmysqld18-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-bench-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-bench-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-client-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-client-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-debugsource-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-errormessages-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-test-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-test-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-tools-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mariadb-tools-debuginfo-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.31-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.31-23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-09-14T02:52:10", "description": "New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-195-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mariadb", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-195-01.NASL", "href": "https://www.tenable.com/plugins/nessus/101549", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-195-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101549);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\");\n script_xref(name:\"SSA\", value:\"2017-195-01\");\n\n script_name(english:\"Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-195-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.405076\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80a2dbad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.56\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.56\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mariadb\", pkgver:\"10.0.31\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.31\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mariadb\", pkgver:\"10.0.31\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.31\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:00", "description": "The following security-related issues were fixed :\n\nCVE-2017-3238 Server: Optimizer unspecified vulnerability\n\nCVE-2017-3243 Server: Charsets unspecified vulnerability\n\nCVE-2017-3244 Server: DML unspecified vulnerability\n\nCVE-2017-3258 Server: DDL unspecified vulnerability\n\nCVE-2017-3313 Server: MyISAM unspecified vulnerability\n\nCVE-2017-3317 Logging unspecified vulnerability\n\nCVE-2017-3318 Server: Error Handling unspecified vulnerability", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-27T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : mysql55 (ALAS-2017-789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3258", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql-config", "p-cpe:/a:amazon:linux:mysql55", "p-cpe:/a:amazon:linux:mysql55-bench", "p-cpe:/a:amazon:linux:mysql55-debuginfo", "p-cpe:/a:amazon:linux:mysql55-devel", "p-cpe:/a:amazon:linux:mysql55-embedded", "p-cpe:/a:amazon:linux:mysql55-embedded-devel", "p-cpe:/a:amazon:linux:mysql55-libs", "p-cpe:/a:amazon:linux:mysql55-server", "p-cpe:/a:amazon:linux:mysql55-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-789.NASL", "href": "https://www.tenable.com/plugins/nessus/96807", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-789.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96807);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3258\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_xref(name:\"ALAS\", value:\"2017-789\");\n\n script_name(english:\"Amazon Linux AMI : mysql55 (ALAS-2017-789)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security-related issues were fixed :\n\nCVE-2017-3238 Server: Optimizer unspecified vulnerability\n\nCVE-2017-3243 Server: Charsets unspecified vulnerability\n\nCVE-2017-3244 Server: DML unspecified vulnerability\n\nCVE-2017-3258 Server: DDL unspecified vulnerability\n\nCVE-2017-3313 Server: MyISAM unspecified vulnerability\n\nCVE-2017-3317 Logging unspecified vulnerability\n\nCVE-2017-3318 Server: Error Handling unspecified vulnerability\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-789.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql-config-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-bench-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-debuginfo-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-devel-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-devel-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-libs-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-server-5.5.54-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-test-5.5.54-1.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-config / mysql55 / mysql55-bench / mysql55-debuginfo / etc\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-09-14T02:53:54", "description": "The version of MariaDB running on the remote host is 5.5.x prior to 5.5.55, 10.0.x prior to 10.0.30, 10.1.x prior to 10.1.22, or 10.2.x prior to 10.2.5. It is, therefore, affected by multiple vulnerabilities :\n\n - A use-after-free error exists in file client.c in the mysql_prune_stmt_list() function that allows an unauthenticated, remote attacker to crash the database.\n (CVE-2017-3302)\n\n - Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. Note that these issues only affect version 5.5.x. (CVE-2017-3308, CVE-2017-3456)\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. Note that these issues only affect version 5.5.x.\n (CVE-2017-3309, CVE-2017-3453)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to impact integrity. Note that this issue only affects version 5.5.x. (CVE-2017-3464)\n\n - A denial of service vulnerability exists in the Field_time::store_TIME_with_warning() function when handling specially crafted INSERT queries. An authenticated, remote attacker can exploit this to crash the database. Note that this issue only affects versions 5.5.x and 10.0.x.\n\n - A denial of service vulnerability exists in the JOIN_CACHE::create_remaining_fields() function in file sql_join_cache.cc when handling data caching. An authenticated, remote attacker can exploit this to crash the database.\n\n - A denial of service vulnerability exists in the SJ_TMP_TABLE::create_sj_weedout_tmp_table() function in file opt_subselect.cc when handling specially crafted WHERE queries. An authenticated, remote attacker can exploit this to crash the database. Note that this issue only affects versions 10.0.x and 10.1.x.\n\n - A denial of service vulnerability exists in the ha_partition::reset() function in file ha_partition.cc when handling specially crafted SELECT queries. An authenticated, remote attacker can exploit this to crash the database.\n\n - A denial of service vulnerability exists in the find_field_in_tables() function in file sql_base.cc when handling stored procedures in EXISTS queries. An authenticated, remote attacker can exploit this to crash the database. Note that this issue only affects versions 10.0.x, 10.1.x, and 10.2.x.\n\n - A denial of service vulnerability exists in the JOIN::drop_unused_derived_keys() function in file sql_select.cc when handling specially crafted SELECT statements. An authenticated, remote attacker can exploit this to crash the database. Note that this issue only affects versions 5.5.x, 10.1.x, and 10.2.x.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2017-04-25T00:00:00", "type": "nessus", "title": "MariaDB 5.5.x < 5.5.55 / 10.0.x < 10.0.30 / 10.1.x < 10.1.22 / 10.2.x < 10.2.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3302", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3313", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_0_30.NASL", "href": "https://www.tenable.com/plugins/nessus/99670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99670);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-3302\",\n \"CVE-2017-3308\",\n \"CVE-2017-3309\",\n \"CVE-2017-3313\",\n \"CVE-2017-3453\",\n \"CVE-2017-3456\",\n \"CVE-2017-3464\"\n );\n script_bugtraq_id(\n 95527,\n 96162,\n 97725,\n 97742,\n 97776,\n 97818,\n 97831\n );\n\n script_name(english:\"MariaDB 5.5.x < 5.5.55 / 10.0.x < 10.0.30 / 10.1.x < 10.1.22 / 10.2.x < 10.2.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is 5.5.x prior to\n5.5.55, 10.0.x prior to 10.0.30, 10.1.x prior to 10.1.22, or 10.2.x\nprior to 10.2.5. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists in file client.c in the\n mysql_prune_stmt_list() function that allows an\n unauthenticated, remote attacker to crash the database.\n (CVE-2017-3302)\n\n - Multiple unspecified flaws exist in the DML subcomponent\n that allow an authenticated, remote attacker to cause a\n denial of service condition. Note that these issues only\n affect version 5.5.x. (CVE-2017-3308, CVE-2017-3456)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition. Note\n that these issues only affect version 5.5.x.\n (CVE-2017-3309, CVE-2017-3453)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to impact\n integrity. Note that this issue only affects version\n 5.5.x. (CVE-2017-3464)\n\n - A denial of service vulnerability exists in the\n Field_time::store_TIME_with_warning() function when\n handling specially crafted INSERT queries. An\n authenticated, remote attacker can exploit this to\n crash the database. Note that this issue only affects\n versions 5.5.x and 10.0.x.\n\n - A denial of service vulnerability exists in the\n JOIN_CACHE::create_remaining_fields() function in file\n sql_join_cache.cc when handling data caching. An\n authenticated, remote attacker can exploit this to crash\n the database.\n\n - A denial of service vulnerability exists in the\n SJ_TMP_TABLE::create_sj_weedout_tmp_table() function\n in file opt_subselect.cc when handling specially crafted\n WHERE queries. An authenticated, remote attacker can\n exploit this to crash the database. Note that this issue\n only affects versions 10.0.x and 10.1.x.\n\n - A denial of service vulnerability exists in the\n ha_partition::reset() function in file ha_partition.cc\n when handling specially crafted SELECT queries. An\n authenticated, remote attacker can exploit this to\n crash the database.\n\n - A denial of service vulnerability exists in the\n find_field_in_tables() function in file sql_base.cc when\n handling stored procedures in EXISTS queries. An\n authenticated, remote attacker can exploit this to crash\n the database. Note that this issue only affects versions\n 10.0.x, 10.1.x, and 10.2.x.\n\n - A denial of service vulnerability exists in the\n JOIN::drop_unused_derived_keys() function in file\n sql_select.cc when handling specially crafted SELECT\n statements. An authenticated, remote attacker can\n exploit this to crash the database. Note that this issue\n only affects versions 5.5.x, 10.1.x, and 10.2.x.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-5555-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10030-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10122-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-1025-changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-5555-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10030-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10122-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-1025-release-notes/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 5.5.55 / 10.0.30 / 10.1.22 / 10.2.5 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:make_list('10.0.30-MariaDB', '5.5.55-MariaDB', '10.1.22-MariaDB', '10.2.5-MariaDB'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-06-13T14:22:22", "description": "This mariadb version update to 10.0.29 fixes the following issues :\n\n - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896)\n\n - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894)\n\n - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884)\n\n - CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885)\n\n - CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875)\n\n - CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878)\n\n - CVE-2017-3244: unspecified vulnerability affecing the DML component (bsc#1020877)\n\n - CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891)\n\n - CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882)\n\n - CVE-2016-6664: Root Privilege Escalation (bsc#1008253)\n\n - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)\n\n - notable changes :\n\n - XtraDB updated to 5.6.34-79.1\n\n - TokuDB updated to 5.6.34-79.1\n\n - Innodb updated to 5.6.35\n\n - Performance Schema updated to 5.6.35 Release notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10029-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10029-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-08T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:0411-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0411-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0411-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97063);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:0411-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mariadb version update to 10.0.29 fixes the following issues :\n\n - CVE-2017-3318: unspecified vulnerability affecting Error\n Handling (bsc#1020896)\n\n - CVE-2017-3317: unspecified vulnerability affecting\n Logging (bsc#1020894)\n\n - CVE-2017-3312: insecure error log file handling in\n mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: unrestricted mysqld_safe's ledir\n (bsc#1020884)\n\n - CVE-2017-3265: unsafe chmod/chown use in init script\n (bsc#1020885)\n\n - CVE-2017-3258: unspecified vulnerability in the DDL\n component (bsc#1020875)\n\n - CVE-2017-3257: unspecified vulnerability affecting\n InnoDB (bsc#1020878)\n\n - CVE-2017-3244: unspecified vulnerability affecing the\n DML component (bsc#1020877)\n\n - CVE-2017-3243: unspecified vulnerability affecting the\n Charsets component (bsc#1020891)\n\n - CVE-2017-3238: unspecified vulnerability affecting the\n Optimizer component (bsc#1020882)\n\n - CVE-2016-6664: Root Privilege Escalation (bsc#1008253)\n\n - Applications using the client library for MySQL\n (libmysqlclient.so) had a use-after-free issue that\n could cause the applications to crash (bsc#1022428)\n\n - notable changes :\n\n - XtraDB updated to 5.6.34-79.1\n\n - TokuDB updated to 5.6.34-79.1\n\n - Innodb updated to 5.6.35\n\n - Performance Schema updated to 5.6.35 Release notes and\n changelog :\n\n - https://kb.askmonty.org/en/mariadb-10029-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10029-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022428\"\n );\n # https://kb.askmonty.org/en/mariadb-10029-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10029-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10029-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10029-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3238/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3244/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3257/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3258/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3318/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170411-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ff901b7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-205=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-205=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient-devel-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient_r18-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld-devel-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-debuginfo-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.29-20.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.29-20.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:22:23", "description": "The remote host is affected by the vulnerability described in GLSA-201702-18 (MariaDB: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker could possibly escalate privileges, gain access to critical data or complete access to all MariaDB Server accessible data, or cause a Denial of Service condition via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "GLSA-201702-18 : MariaDB: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mariadb", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201702-18.NASL", "href": "https://www.tenable.com/plugins/nessus/97261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201702-18.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97261);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_xref(name:\"GLSA\", value:\"201702-18\");\n\n script_name(english:\"GLSA-201702-18 : MariaDB: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201702-18\n(MariaDB: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MariaDB. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could possibly escalate privileges, gain access to critical\n data or complete access to all MariaDB Server accessible data, or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201702-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MariaDB users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mariadb-10.0.29'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mariadb\", unaffected:make_list(\"ge 10.0.29\"), vulnerable:make_list(\"lt 10.0.29\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MariaDB\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:19:38", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.29. Please see the MariaDB 10.0 Release Notes for further details :\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10029-release- notes/", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "Debian DSA-3770-1 : mariadb-10.0 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mariadb-10.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3770.NASL", "href": "https://www.tenable.com/plugins/nessus/96669", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3770. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96669);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_xref(name:\"DSA\", value:\"3770\");\n\n script_name(english:\"Debian DSA-3770-1 : mariadb-10.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.29. Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10029-release-\n notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851755\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10029-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mariadb-10.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mariadb-10.0 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 10.0.29-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mariadb-10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmariadbd-dev\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-10.0\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-core-10.0\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-common\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-connect-engine-10.0\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-oqgraph-engine-10.0\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-10.0\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-core-10.0\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test\", reference:\"10.0.29-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test-10.0\", reference:\"10.0.29-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:21:40", "description": "This mariadb version update to 10.0.29 fixes the following issues :\n\n - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896)\n\n - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894)\n\n - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884)\n\n - CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885)\n\n - CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875)\n\n - CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878)\n\n - CVE-2017-3244: unspecified vulnerability affecing the DML component (bsc#1020877)\n\n - CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891)\n\n - CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882)\n\n - CVE-2016-6664: Root Privilege Escalation (bsc#1008253)\n\n - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)\n\n - notable changes :\n\n - XtraDB updated to 5.6.34-79.1\n\n - TokuDB updated to 5.6.34-79.1\n\n - Innodb updated to 5.6.35\n\n - Performance Schema updated to 5.6.35\n\nRelease notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10029-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10029-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mariadb (openSUSE-2017-257)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-257.NASL", "href": "https://www.tenable.com/plugins/nessus/97277", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-257.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97277);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2017-257)\");\n script_summary(english:\"Check for the openSUSE-2017-257 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mariadb version update to 10.0.29 fixes the following issues :\n\n - CVE-2017-3318: unspecified vulnerability affecting Error\n Handling (bsc#1020896)\n\n - CVE-2017-3317: unspecified vulnerability affecting\n Logging (bsc#1020894)\n\n - CVE-2017-3312: insecure error log file handling in\n mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: unrestricted mysqld_safe's ledir\n (bsc#1020884)\n\n - CVE-2017-3265: unsafe chmod/chown use in init script\n (bsc#1020885)\n\n - CVE-2017-3258: unspecified vulnerability in the DDL\n component (bsc#1020875)\n\n - CVE-2017-3257: unspecified vulnerability affecting\n InnoDB (bsc#1020878)\n\n - CVE-2017-3244: unspecified vulnerability affecing the\n DML component (bsc#1020877)\n\n - CVE-2017-3243: unspecified vulnerability affecting the\n Charsets component (bsc#1020891)\n\n - CVE-2017-3238: unspecified vulnerability affecting the\n Optimizer component (bsc#1020882)\n\n - CVE-2016-6664: Root Privilege Escalation (bsc#1008253)\n\n - Applications using the client library for MySQL\n (libmysqlclient.so) had a use-after-free issue that\n could cause the applications to crash (bsc#1022428)\n\n - notable changes :\n\n - XtraDB updated to 5.6.34-79.1\n\n - TokuDB updated to 5.6.34-79.1\n\n - Innodb updated to 5.6.35\n\n - Performance Schema updated to 5.6.35\n\nRelease notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10029-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10029-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022428\"\n );\n # https://kb.askmonty.org/en/mariadb-10029-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10029-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10029-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10029-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient-devel-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient18-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient18-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient_r18-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld-devel-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld18-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld18-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-bench-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-bench-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-client-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-client-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-debugsource-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-errormessages-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-test-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-test-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-tools-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-tools-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient-devel-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient18-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient18-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient_r18-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld-devel-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld18-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld18-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-bench-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-bench-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-client-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-client-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-debugsource-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-errormessages-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-test-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-test-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-tools-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-tools-debuginfo-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.29-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.29-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:21:37", "description": "This mariadb version update to 10.0.29 fixes the following issues :\n\n - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896)\n\n - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894)\n\n - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884)\n\n - CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885)\n\n - CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875)\n\n - CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878)\n\n - CVE-2017-3244: unspecified vulnerability affecing the DML component (bsc#1020877)\n\n - CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891)\n\n - CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882)\n\n - CVE-2016-6664: Root Privilege Escalation (bsc#1008253)\n\n - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)\n\n - notable changes :\n\n - XtraDB updated to 5.6.34-79.1\n\n - TokuDB updated to 5.6.34-79.1\n\n - Innodb updated to 5.6.35\n\n - Performance Schema updated to 5.6.35 Release notes and changelog :\n\n - https://kb.askmonty.org/en/mariadb-10029-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10029-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-08T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:0412-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0412-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0412-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97064);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:0412-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mariadb version update to 10.0.29 fixes the following issues :\n\n - CVE-2017-3318: unspecified vulnerability affecting Error\n Handling (bsc#1020896)\n\n - CVE-2017-3317: unspecified vulnerability affecting\n Logging (bsc#1020894)\n\n - CVE-2017-3312: insecure error log file handling in\n mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)\n\n - CVE-2017-3291: unrestricted mysqld_safe's ledir\n (bsc#1020884)\n\n - CVE-2017-3265: unsafe chmod/chown use in init script\n (bsc#1020885)\n\n - CVE-2017-3258: unspecified vulnerability in the DDL\n component (bsc#1020875)\n\n - CVE-2017-3257: unspecified vulnerability affecting\n InnoDB (bsc#1020878)\n\n - CVE-2017-3244: unspecified vulnerability affecing the\n DML component (bsc#1020877)\n\n - CVE-2017-3243: unspecified vulnerability affecting the\n Charsets component (bsc#1020891)\n\n - CVE-2017-3238: unspecified vulnerability affecting the\n Optimizer component (bsc#1020882)\n\n - CVE-2016-6664: Root Privilege Escalation (bsc#1008253)\n\n - Applications using the client library for MySQL\n (libmysqlclient.so) had a use-after-free issue that\n could cause the applications to crash (bsc#1022428)\n\n - notable changes :\n\n - XtraDB updated to 5.6.34-79.1\n\n - TokuDB updated to 5.6.34-79.1\n\n - Innodb updated to 5.6.35\n\n - Performance Schema updated to 5.6.35 Release notes and\n changelog :\n\n - https://kb.askmonty.org/en/mariadb-10029-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10029-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022428\"\n );\n # https://kb.askmonty.org/en/mariadb-10029-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10029-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10029-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10029-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3238/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3244/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3257/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3258/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3318/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170412-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14c3ceff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-207=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2017-207=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-207=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-207=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-207=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-207=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-207=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-207=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-207=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debugsource-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-errormessages-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-tools-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-tools-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.29-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.29-22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-13T14:20:01", "description": "New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-19T00:00:00", "type": "nessus", "title": "Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-018-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6664", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mariadb", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-018-01.NASL", "href": "https://www.tenable.com/plugins/nessus/96612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-018-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96612);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6664\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_xref(name:\"SSA\", value:\"2017-018-01\");\n\n script_name(english:\"Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-018-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.435634\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48ee8594\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.54\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.54\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mariadb\", pkgver:\"10.0.29\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.29\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mariadb\", pkgver:\"10.0.29\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.29\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:49", "description": "mysql-community-server was updated to version 5.6.35 to fix bugs and security issues :\n\n - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 35.html\n\n - Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312 [boo#1020873], CVE-2017-3258 [boo#1020875], CVE-2017-3273 [boo#1020876], CVE-2017-3244 [boo#1020877], CVE-2017-3257 [boo#1020878], CVE-2017-3238 [boo#1020882], CVE-2017-3291 [boo#1020884], CVE-2017-3265 [boo#1020885], CVE-2017-3313 [boo#1020890], CVE-2016-8327 [boo#1020893], CVE-2017-3317 [boo#1020894], CVE-2017-3318 [boo#1020896]", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H"}, "published": "2017-03-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mysql-community-server (openSUSE-2017-315)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysql56client18", "p-cpe:/a:novell:opensuse:libmysql56client18-32bit", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysql56client_r18", "p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit", "p-cpe:/a:novell:opensuse:mysql-community-server", "p-cpe:/a:novell:opensuse:mysql-community-server-bench", "p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-client", "p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debugsource", "p-cpe:/a:novell:opensuse:mysql-community-server-errormessages", "p-cpe:/a:novell:opensuse:mysql-community-server-test", "p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-tools", "p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-315.NASL", "href": "https://www.tenable.com/plugins/nessus/97569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-315.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97569);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3273\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n\n script_name(english:\"openSUSE Security Update : mysql-community-server (openSUSE-2017-315)\");\n script_summary(english:\"Check for the openSUSE-2017-315 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-community-server was updated to version 5.6.35 to fix bugs and\nsecurity issues :\n\n - Changes\n http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-\n 35.html\n\n - Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312\n [boo#1020873], CVE-2017-3258 [boo#1020875],\n CVE-2017-3273 [boo#1020876], CVE-2017-3244\n [boo#1020877], CVE-2017-3257 [boo#1020878],\n CVE-2017-3238 [boo#1020882], CVE-2017-3291\n [boo#1020884], CVE-2017-3265 [boo#1020885],\n CVE-2017-3313 [boo#1020890], CVE-2016-8327\n [boo#1020893], CVE-2017-3317 [boo#1020894],\n CVE-2017-3318 [boo#1020896]\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020896\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-community-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysql56client18-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysql56client18-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysql56client_r18-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-bench-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-bench-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-client-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-client-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-debugsource-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-errormessages-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-test-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-test-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-tools-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mysql-community-server-tools-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysql56client18-32bit-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysql56client18-debuginfo-32bit-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysql56client_r18-32bit-5.6.35-22.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysql56client18-32bit / libmysql56client18 / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:47", "description": "mysql-community-server was updated to version 5.6.35 to fix bugs and security issues :\n\n - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 35.html\n\n - Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312 [boo#1020873], CVE-2017-3258 [boo#1020875], CVE-2017-3273 [boo#1020876], CVE-2017-3244 [boo#1020877], CVE-2017-3257 [boo#1020878], CVE-2017-3238 [boo#1020882], CVE-2017-3291 [boo#1020884], CVE-2017-3265 [boo#1020885], CVE-2017-3313 [boo#1020890], CVE-2016-8327 [boo#1020893], CVE-2017-3317 [boo#1020894], CVE-2017-3318 [boo#1020896]", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mysql-community-server (openSUSE-2017-258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysql56client18", "p-cpe:/a:novell:opensuse:libmysql56client18-32bit", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysql56client_r18", "p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit", "p-cpe:/a:novell:opensuse:mysql-community-server", "p-cpe:/a:novell:opensuse:mysql-community-server-bench", "p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-client", "p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debugsource", "p-cpe:/a:novell:opensuse:mysql-community-server-errormessages", "p-cpe:/a:novell:opensuse:mysql-community-server-test", "p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-tools", "p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2017-258.NASL", "href": "https://www.tenable.com/plugins/nessus/97278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-258.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97278);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3273\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n\n script_name(english:\"openSUSE Security Update : mysql-community-server (openSUSE-2017-258)\");\n script_summary(english:\"Check for the openSUSE-2017-258 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"mysql-community-server was updated to version 5.6.35 to fix bugs and\nsecurity issues :\n\n - Changes\n http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-\n 35.html\n\n - Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312\n [boo#1020873], CVE-2017-3258 [boo#1020875],\n CVE-2017-3273 [boo#1020876], CVE-2017-3244\n [boo#1020877], CVE-2017-3257 [boo#1020878],\n CVE-2017-3238 [boo#1020882], CVE-2017-3291\n [boo#1020884], CVE-2017-3265 [boo#1020885],\n CVE-2017-3313 [boo#1020890], CVE-2016-8327\n [boo#1020893], CVE-2017-3317 [boo#1020894],\n CVE-2017-3318 [boo#1020896]\"\n );\n # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020896\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-community-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysql56client18-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysql56client18-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysql56client_r18-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-bench-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-bench-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-client-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-client-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-debugsource-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-errormessages-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-test-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-test-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-tools-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mysql-community-server-tools-debuginfo-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysql56client18-32bit-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysql56client18-debuginfo-32bit-5.6.35-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysql56client_r18-32bit-5.6.35-22.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysql56client18-32bit / libmysql56client18 / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:00", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.35. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8318)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8327)\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3257)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3273)\n\n - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318)\n\n - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the 'rm' and 'chown' commands. A local attacker can exploit this to gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component that allows an authenticated, remote attacker to have an unspecified impact.\n\n - An overflow condition exists in the Optimizer component due to improper validation of user-supplied input when handling nested expressions. An authenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE query with a DATA DIRECTORY clause. An authenticated, remote attacker can exploit this to gain elevated privileges.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_35.NASL", "href": "https://www.tenable.com/plugins/nessus/95878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95878);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2016-8318\",\n \"CVE-2016-8327\",\n \"CVE-2017-3238\",\n \"CVE-2017-3244\",\n \"CVE-2017-3257\",\n \"CVE-2017-3258\",\n \"CVE-2017-3265\",\n \"CVE-2017-3273\",\n \"CVE-2017-3291\",\n \"CVE-2017-3312\",\n \"CVE-2017-3313\",\n \"CVE-2017-3317\",\n \"CVE-2017-3318\"\n );\n script_bugtraq_id(\n 95491,\n 95501,\n 95520,\n 95527,\n 95557,\n 95560,\n 95565,\n 95571,\n 95580,\n 95583,\n 95585,\n 95588,\n 95589\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.35. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8318)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8327)\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3238)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3257)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent\n that allows a local attacker to impact confidentiality\n and availability. (CVE-2017-3265)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3273)\n\n - Multiple unspecified flaws exist in the Packaging\n subcomponent that allow a local attacker to gain\n elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent\n that allows a local attacker to cause a denial of\n service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to disclose\n sensitive information. (CVE-2017-3318)\n\n - A local privilege escalation vulnerability exists in the\n mysqld_safe component due to unsafe use of the 'rm' and\n 'chown' commands. A local attacker can exploit this to\n gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component\n that allows an authenticated, remote attacker to have an\n unspecified impact.\n\n - An overflow condition exists in the Optimizer component\n due to improper validation of user-supplied input when\n handling nested expressions. An authenticated, remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE\n query with a DATA DIRECTORY clause. An authenticated,\n remote attacker can exploit this to gain elevated\n privileges.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a1c38e52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.35 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.6.35', min:'5.6', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:06", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.35. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8318)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8327)\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3257)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3273)\n\n - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318)\n\n - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the 'rm' and 'chown' commands. A local attacker can exploit this to gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component that allows an authenticated, remote attacker to have an unspecified impact.\n\n - An overflow condition exists in the Optimizer component due to improper validation of user-supplied input when handling nested expressions. An authenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE query with a DATA DIRECTORY clause. An authenticated, remote attacker can exploit this to gain elevated privileges.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_6_35_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/95879", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95879);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-8318\",\n \"CVE-2016-8327\",\n \"CVE-2017-3238\",\n \"CVE-2017-3244\",\n \"CVE-2017-3257\",\n \"CVE-2017-3258\",\n \"CVE-2017-3265\",\n \"CVE-2017-3273\",\n \"CVE-2017-3291\",\n \"CVE-2017-3312\",\n \"CVE-2017-3313\",\n \"CVE-2017-3317\",\n \"CVE-2017-3318\"\n );\n script_bugtraq_id(\n 95491,\n 95501,\n 95520,\n 95527,\n 95557,\n 95560,\n 95565,\n 95571,\n 95580,\n 95583,\n 95585,\n 95588,\n 95589\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.35. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8318)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8327)\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3238)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3257)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent\n that allows a local attacker to impact confidentiality\n and availability. (CVE-2017-3265)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3273)\n\n - Multiple unspecified flaws exist in the Packaging\n subcomponent that allow a local attacker to gain\n elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent\n that allows a local attacker to cause a denial of\n service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to disclose\n sensitive information. (CVE-2017-3318)\n\n - A local privilege escalation vulnerability exists in the\n mysqld_safe component due to unsafe use of the 'rm' and\n 'chown' commands. A local attacker can exploit this to\n gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component\n that allows an authenticated, remote attacker to have an\n unspecified impact.\n\n - An overflow condition exists in the Optimizer component\n due to improper validation of user-supplied input when\n handling nested expressions. An authenticated, remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE\n query with a DATA DIRECTORY clause. An authenticated,\n remote attacker can exploit this to gain elevated\n privileges.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2219938.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?092fb681\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?724b555f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.35 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.6.35\";\nexists_version = \"5.6\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:10", "description": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727 .html.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H"}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3174-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3251", "CVE-2017-3256", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3319", "CVE-2017-3320"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3174-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96656", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3174-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96656);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3251\", \"CVE-2017-3256\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3273\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3319\", \"CVE-2017-3320\");\n script_xref(name:\"USN\", value:\"3174-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3174-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL\n5.7.17.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727\n.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3174-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected mysql-server-5.5 and / or mysql-server-5.7\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.54-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.54-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.17-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.17-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5 / mysql-server-5.7\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-10-16T01:08:25", "description": "Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3462)\n\nSecurity: Privileges unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3463)\n\nServer: Security: Privileges unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3461)\n\nServer: DDL unspecified vulnerability (CPU Apr 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3464)\n\nUnsafe chmod/chown use in init script (CPU Jan 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). (CVE-2017-3265)\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3309)\n\nServer: DML unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\nWhile the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3308)\n\nServer: DML unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3456)\n\nServer: Memcached unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3450)\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3453)", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-05-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : mysql55 (ALAS-2017-831)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql-config", "p-cpe:/a:amazon:linux:mysql55", "p-cpe:/a:amazon:linux:mysql55-bench", "p-cpe:/a:amazon:linux:mysql55-debuginfo", "p-cpe:/a:amazon:linux:mysql55-devel", "p-cpe:/a:amazon:linux:mysql55-embedded", "p-cpe:/a:amazon:linux:mysql55-embedded-devel", "p-cpe:/a:amazon:linux:mysql55-libs", "p-cpe:/a:amazon:linux:mysql55-server", "p-cpe:/a:amazon:linux:mysql55-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-831.NASL", "href": "https://www.tenable.com/plugins/nessus/100276", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-831.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100276);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-3265\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3450\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\", \"CVE-2017-3463\", \"CVE-2017-3464\");\n script_xref(name:\"ALAS\", value:\"2017-831\");\n\n script_name(english:\"Amazon Linux AMI : mysql55 (ALAS-2017-831)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Server: Security: Privileges unspecified vulnerability (CPU Apr \n2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3462)\n\nSecurity: Privileges unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3463)\n\nServer: Security: Privileges unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3461)\n\nServer: DDL unspecified vulnerability (CPU Apr 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily\n'exploitable' vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3464)\n\nUnsafe chmod/chown use in init script (CPU Jan 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Packaging). Supported versions that are\naffected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and\nearlier. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where MySQL Server executes\nto compromise MySQL Server. Successful attacks require human\ninteraction from a person other than the attacker. Successful attacks\nof this vulnerability can result in unauthorized access to critical\ndata or complete access to all MySQL Server accessible data and\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6\n(Confidentiality and Availability impacts). (CVE-2017-3265)\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows low privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. While the vulnerability is in MySQL Server, attacks may\nsignificantly impact additional products. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 7.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3309)\n\nServer: DML unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily\n'exploitable' vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nWhile the vulnerability is in MySQL Server, attacks may significantly\nimpact additional products. Successful attacks of this vulnerability\ncan result in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n7.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3308)\n\nServer: DML unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily\n'exploitable' vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3456)\n\nServer: Memcached unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Memcached). Supported versions that are\naffected are 5.6.35 and earlier and 5.7.17 and earlier. Easily\n'exploitable' vulnerability allows unauthenticated attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3450)\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows low privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3453)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-831.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql55-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql-config-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-bench-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-debuginfo-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-devel-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-embedded-devel-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-libs-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-server-5.5.56-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql55-test-5.5.56-1.17.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-config / mysql55 / mysql55-bench / mysql55-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-14T02:49:46", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.32. Please see the MariaDB 10.0 Release Notes for further details :\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10031-release- notes/\n - https://mariadb.com/kb/en/mariadb/mariadb-10032-release- notes/", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-08-17T00:00:00", "type": "nessus", "title": "Debian DSA-3944-1 : mariadb-10.0 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3464", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3653"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mariadb-10.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3944.NASL", "href": "https://www.tenable.com/plugins/nessus/102529", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3944. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102529);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3464\", \"CVE-2017-3636\", \"CVE-2017-3641\", \"CVE-2017-3653\");\n script_xref(name:\"DSA\", value:\"3944\");\n\n script_name(english:\"Debian DSA-3944-1 : mariadb-10.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.32. Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10031-release-\n notes/\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10032-release-\n notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10031-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10031-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10032-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10032-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mariadb-10.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3944\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mariadb-10.0 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 10.0.32-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mariadb-10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmariadbd-dev\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-core-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-common\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-connect-engine-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-oqgraph-engine-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-core-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test\", reference:\"10.0.32-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test-10.0\", reference:\"10.0.32-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:53", "description": "The remote host is affected by the vulnerability described in GLSA-201702-17 (MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker could possibly escalate privileges, gain access to critical data or complete access to all MySQL server accessible data, or cause a Denial of Service condition via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "GLSA-201702-17 : MySQL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3251", "CVE-2017-3256", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3319", "CVE-2017-3320"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mysql", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201702-17.NASL", "href": "https://www.tenable.com/plugins/nessus/97260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201702-17.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97260);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3251\", \"CVE-2017-3256\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3273\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3319\", \"CVE-2017-3320\");\n script_xref(name:\"GLSA\", value:\"201702-17\");\n\n script_name(english:\"GLSA-201702-17 : MySQL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201702-17\n(MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could possibly escalate privileges, gain access to critical\n data or complete access to all MySQL server accessible data, or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8abbca81\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201702-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.6.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 5.6.35\"), vulnerable:make_list(\"lt 5.6.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:09", "description": "Oracle reports :\n\nNo further details have been provided in the Critical Patch Update", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H"}, "published": "2017-01-19T00:00:00", "type": "nessus", "title": "FreeBSD : mysql -- multiple vulnerabilities (4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3243", "CVE-2017-3244", "CVE-2017-3251", "CVE-2017-3256", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3319", "CVE-2017-3320"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mariadb100-server", "p-cpe:/a:freebsd:freebsd:mariadb101-server", "p-cpe:/a:freebsd:freebsd:mariadb55-server", "p-cpe:/a:freebsd:freebsd:mysql55-server", "p-cpe:/a:freebsd:freebsd:mysql56-server", "p-cpe:/a:freebsd:freebsd:mysql57-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4D2F9D09DDB711E6A9A5B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/96618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96618);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3243\", \"CVE-2017-3244\", \"CVE-2017-3251\", \"CVE-2017-3256\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3265\", \"CVE-2017-3273\", \"CVE-2017-3291\", \"CVE-2017-3312\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\", \"CVE-2017-3319\", \"CVE-2017-3320\");\n\n script_name(english:\"FreeBSD : mysql -- multiple vulnerabilities (4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nNo further details have been provided in the Critical Patch Update\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1c38e52\"\n );\n # https://vuxml.freebsd.org/freebsd/4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?527b28a5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb100-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<5.5.54\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb100-server<10.0.30\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-server<10.1.22\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql55-server<5.5.54\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.35\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-10-16T01:08:26", "description": "Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3462)\n\nSecurity: Privileges unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3463)\n\nServer: Security: Privileges unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3461)\n\nServer: DDL unspecified vulnerability (CPU Apr 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3464)\n\nUnsafe chmod/chown use in init script (CPU Jan 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). (CVE-2017-3265)\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3309)\n\nServer: DML unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\nWhile the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3308)\n\nServer: DML unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3456)\n\nServer: Memcached unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3450)\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3453)\n\nInteger underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017) :\n\nAn integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon. (CVE-2017-3599)", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-05-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : mysql56 (ALAS-2017-830)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3265", "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3453", "CVE-2017-3456", "CVE-2017-3461", "CVE-2017-3462", "CVE-2017-3463", "CVE-2017-3464", "CVE-2017-3599"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql56", "p-cpe:/a:amazon:linux:mysql56-bench", "p-cpe:/a:amazon:linux:mysql56-common", "p-cpe:/a:amazon:linux:mysql56-debuginfo", "p-cpe:/a:amazon:linux:mysql56-devel", "p-cpe:/a:amazon:linux:mysql56-embedded", "p-cpe:/a:amazon:linux:mysql56-embedded-devel", "p-cpe:/a:amazon:linux:mysql56-errmsg", "p-cpe:/a:amazon:linux:mysql56-libs", "p-cpe:/a:amazon:linux:mysql56-server", "p-cpe:/a:amazon:linux:mysql56-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-830.NASL", "href": "https://www.tenable.com/plugins/nessus/100275", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-830.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100275);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-3265\", \"CVE-2017-3308\", \"CVE-2017-3309\", \"CVE-2017-3450\", \"CVE-2017-3453\", \"CVE-2017-3456\", \"CVE-2017-3461\", \"CVE-2017-3462\", \"CVE-2017-3463\", \"CVE-2017-3464\", \"CVE-2017-3599\");\n script_xref(name:\"ALAS\", value:\"2017-830\");\n\n script_name(english:\"Amazon Linux AMI : mysql56 (ALAS-2017-830)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Server: Security: Privileges unspecified vulnerability (CPU Apr \n2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3462)\n\nSecurity: Privileges unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3463)\n\nServer: Security: Privileges unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Security: Privileges). Supported versions that\nare affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3461)\n\nServer: DDL unspecified vulnerability (CPU Apr 2017) :\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DDL). Supported versions that are affected are\n5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily\n'exploitable' vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MySQL Server accessible\ndata. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3464)\n\nUnsafe chmod/chown use in init script (CPU Jan 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Packaging). Supported versions that are\naffected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and\nearlier. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where MySQL Server executes\nto compromise MySQL Server. Successful attacks require human\ninteraction from a person other than the attacker. Successful attacks\nof this vulnerability can result in unauthorized access to critical\ndata or complete access to all MySQL Server accessible data and\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6\n(Confidentiality and Availability impacts). (CVE-2017-3265)\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows low privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. While the vulnerability is in MySQL Server, attacks may\nsignificantly impact additional products. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0\nBase Score 7.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3309)\n\nServer: DML unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily\n'exploitable' vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nWhile the vulnerability is in MySQL Server, attacks may significantly\nimpact additional products. Successful attacks of this vulnerability\ncan result in unauthorized ability to cause a hang or frequently\nrepeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score\n7.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3308)\n\nServer: DML unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: DML). Supported versions that are affected are\n5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily\n'exploitable' vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3456)\n\nServer: Memcached unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Memcached). Supported versions that are\naffected are 5.6.35 and earlier and 5.7.17 and earlier. Easily\n'exploitable' vulnerability allows unauthenticated attacker with\nnetwork access via multiple protocols to compromise MySQL Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS)\nof MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3450)\n\nServer: Optimizer unspecified vulnerability (CPU Apr 2017)\n\nVulnerability in the MySQL Server component of Oracle MySQL\n(subcomponent: Server: Optimizer). Supported versions that are\naffected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and\nearlier. Easily 'exploitable' vulnerability allows low privileged\nattacker with network access via multiple protocols to compromise\nMySQL Server. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n(CVE-2017-3453)\n\nInteger underflow in get_56_lenc_string() leading to DoS (CPU Apr\n2017) :\n\nAn integer overflow flaw leading to a buffer overflow was found in the\nway MySQL parsed connection handshake packets. An unauthenticated\nremote attacker with access to the MySQL port could use this flaw to\ncrash the mysqld daemon. (CVE-2017-3599)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-830.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-bench-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-common-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-debuginfo-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-devel-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-devel-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-errmsg-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-libs-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-server-5.6.36-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-test-5.6.36-1.25.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:39:06", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.17. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8318)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8327)\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3238, CVE-2017-3251)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3256)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3257)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3273)\n\n - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318)\n\n - An unspecified flaw exists in the X Plugin subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2017-3319)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2017-3320)\n\n - An unspecified flaw exists in the X Plugin subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3646)\n\n - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the 'rm' and 'chown' commands. A local attacker can exploit this to gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component that allows an authenticated, remote attacker to have an unspecified impact.\n\n - An overflow condition exists in the Optimizer component due to improper validation of user-supplied input when handling nested expressions. An authenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE query with a DATA DIRECTORY clause. An authenticated, remote attacker can exploit this to gain elevated privileges.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3251", "CVE-2017-3256", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3319", "CVE-2017-3320", "CVE-2017-3646"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_17.NASL", "href": "https://www.tenable.com/plugins/nessus/95880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95880);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2016-8318\",\n \"CVE-2016-8327\",\n \"CVE-2017-3238\",\n \"CVE-2017-3244\",\n \"CVE-2017-3251\",\n \"CVE-2017-3256\",\n \"CVE-2017-3257\",\n \"CVE-2017-3258\",\n \"CVE-2017-3265\",\n \"CVE-2017-3273\",\n \"CVE-2017-3291\",\n \"CVE-2017-3312\",\n \"CVE-2017-3313\",\n \"CVE-2017-3317\",\n \"CVE-2017-3318\",\n \"CVE-2017-3319\",\n \"CVE-2017-3320\",\n \"CVE-2017-3646\"\n );\n script_bugtraq_id(\n 95470,\n 95479,\n 95482,\n 95486,\n 95491,\n 95501,\n 95520,\n 95527,\n 95557,\n 95560,\n 95565,\n 95571,\n 95580,\n 95583,\n 95585,\n 95588,\n 95589,\n 99786\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.17. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8318)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8327)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3238, CVE-2017-3251)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3256)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3257)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent\n that allows a local attacker to impact confidentiality\n and availability. (CVE-2017-3265)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3273)\n\n - Multiple unspecified flaws exist in the Packaging\n subcomponent that allow a local attacker to gain\n elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent\n that allows a local attacker to cause a denial of\n service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to disclose\n sensitive information. (CVE-2017-3318)\n\n - An unspecified flaw exists in the X Plugin subcomponent\n that allows an authenticated, remote attacker to\n disclose sensitive information. (CVE-2017-3319)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2017-3320)\n\n - An unspecified flaw exists in the X Plugin subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3646)\n\n - A local privilege escalation vulnerability exists in the\n mysqld_safe component due to unsafe use of the 'rm' and\n 'chown' commands. A local attacker can exploit this to\n gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component\n that allows an authenticated, remote attacker to have an\n unspecified impact.\n\n - An overflow condition exists in the Optimizer component\n due to improper validation of user-supplied input when\n handling nested expressions. An authenticated, remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE\n query with a DATA DIRECTORY clause. An authenticated,\n remote attacker can exploit this to gain elevated\n privileges.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a1c38e52\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d520c6c8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322067e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.17 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.17', min:'5.7', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:06", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.17. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8318)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8327)\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3238, CVE-2017-3251)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3256)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3257)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3273)\n\n - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318)\n\n - An unspecified flaw exists in the X Plugin subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2017-3319)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2017-3320)\n\n - An unspecified flaw exists in the X Plugin subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3646)\n\n - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the 'rm' and 'chown' commands. A local attacker can exploit this to gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component that allows an authenticated, remote attacker to have an unspecified impact.\n\n - An overflow condition exists in the Optimizer component due to improper validation of user-supplied input when handling nested expressions. An authenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE query with a DATA DIRECTORY clause. An authenticated, remote attacker can exploit this to gain elevated privileges.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3251", "CVE-2017-3256", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3265", "CVE-2017-3273", "CVE-2017-3291", "CVE-2017-3312", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3319", "CVE-2017-3320", "CVE-2017-3646"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_7_17_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/95881", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95881);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-8318\",\n \"CVE-2016-8327\",\n \"CVE-2017-3238\",\n \"CVE-2017-3244\",\n \"CVE-2017-3251\",\n \"CVE-2017-3256\",\n \"CVE-2017-3257\",\n \"CVE-2017-3258\",\n \"CVE-2017-3265\",\n \"CVE-2017-3273\",\n \"CVE-2017-3291\",\n \"CVE-2017-3312\",\n \"CVE-2017-3313\",\n \"CVE-2017-3317\",\n \"CVE-2017-3318\",\n \"CVE-2017-3319\",\n \"CVE-2017-3320\",\n \"CVE-2017-3646\"\n );\n script_bugtraq_id(\n 95470,\n 95479,\n 95482,\n 95486,\n 95491,\n 95501,\n 95520,\n 95527,\n 95557,\n 95560,\n 95565,\n 95571,\n 95580,\n 95583,\n 95585,\n 95588,\n 95589,\n 99786\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.17. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8318)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8327)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3238, CVE-2017-3251)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3244)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3256)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3257)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3258)\n\n - An unspecified flaw exists in the Packaging subcomponent\n that allows a local attacker to impact confidentiality\n and availability. (CVE-2017-3265)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3273)\n\n - Multiple unspecified flaws exist in the Packaging\n subcomponent that allow a local attacker to gain\n elevated privileges. (CVE-2017-3291, CVE-2017-3312)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose sensitive\n information. (CVE-2017-3313)\n\n - An unspecified flaw exists in the Logging subcomponent\n that allows a local attacker to cause a denial of\n service condition. (CVE-2017-3317)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to disclose\n sensitive information. (CVE-2017-3318)\n\n - An unspecified flaw exists in the X Plugin subcomponent\n that allows an authenticated, remote attacker to\n disclose sensitive information. (CVE-2017-3319)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2017-3320)\n\n - An unspecified flaw exists in the X Plugin subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-3646)\n\n - A local privilege escalation vulnerability exists in the\n mysqld_safe component due to unsafe use of the 'rm' and\n 'chown' commands. A local attacker can exploit this to\n gain elevated privileges.\n\n - An unspecified flaw exists in the mysqld_safe component\n that allows an authenticated, remote attacker to have an\n unspecified impact.\n\n - An overflow condition exists in the Optimizer component\n due to improper validation of user-supplied input when\n handling nested expressions. An authenticated, remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition.\n\n - An unspecified flaw exists when handling a CREATE TABLE\n query with a DATA DIRECTORY clause. An authenticated,\n remote attacker can exploit this to gain elevated\n privileges.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2219938.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?092fb681\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?724b555f\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d520c6c8\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322067e2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.17 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.7.17\";\nexists_version = \"5.7\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:10", "description": "The following security-related issues were fixed :\n\nCVE-2016-8318 Server: Security: Encryption unspecified vulnerability\n\nCVE-2016-8327 Server: Replication unspecified vulnerability\n\nCVE-2017-3238 Server: Optimizer unspecified vulnerability\n\nCVE-2017-3244 Server: DML unspecified vulnerability\n\nCVE-2017-3257 Server: InnoDB unspecified vulnerability\n\nCVE-2017-3258 Server: DDL unspecified vulnerability\n\nCVE-2017-3273 Server: DDL unspecified vulnerability\n\nCVE-2017-3313 Server: MyISAM unspecified vulnerability\n\nCVE-2017-3317 Logging unspecified vulnerability\n\nCVE-2017-3318 Server: Error Handling unspecified vulnerability", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H"}, "published": "2017-01-27T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : mysql56 (ALAS-2017-790)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8318", "CVE-2016-8327", "CVE-2017-3238", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3258", "CVE-2017-3273", "CVE-2017-3313", "CVE-2017-3317", "CVE-2017-3318"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql56", "p-cpe:/a:amazon:linux:mysql56-bench", "p-cpe:/a:amazon:linux:mysql56-common", "p-cpe:/a:amazon:linux:mysql56-debuginfo", "p-cpe:/a:amazon:linux:mysql56-devel", "p-cpe:/a:amazon:linux:mysql56-embedded", "p-cpe:/a:amazon:linux:mysql56-embedded-devel", "p-cpe:/a:amazon:linux:mysql56-errmsg", "p-cpe:/a:amazon:linux:mysql56-libs", "p-cpe:/a:amazon:linux:mysql56-server", "p-cpe:/a:amazon:linux:mysql56-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-790.NASL", "href": "https://www.tenable.com/plugins/nessus/96808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-790.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96808);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-8318\", \"CVE-2016-8327\", \"CVE-2017-3238\", \"CVE-2017-3244\", \"CVE-2017-3257\", \"CVE-2017-3258\", \"CVE-2017-3273\", \"CVE-2017-3313\", \"CVE-2017-3317\", \"CVE-2017-3318\");\n script_xref(name:\"ALAS\", value:\"2017-790\");\n\n script_name(english:\"Amazon Linux AMI : mysql56 (ALAS-2017-790)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security-related issues were fixed :\n\nCVE-2016-8318 Server: Security: Encryption unspecified vulnerability\n\nCVE-2016-8327 Server: Replication unspecified vulnerability\n\nCVE-2017-3238 Server: Optimizer unspecified vulnerability\n\nCVE-2017-3244 Server: DML unspecified vulnerability\n\nCVE-2017-3257 Server: InnoDB unspecified vulnerability\n\nCVE-2017-3258 Server: DDL unspecified vulnerability\n\nCVE-2017-3273 Server: DDL unspecified vulnerability\n\nCVE-2017-3313 Server: MyISAM unspecified vulnerability\n\nCVE-2017-3317 Logging unspecified vulnerability\n\nCVE-2017-3318 Server: Error Handling unspecified vulnerability\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-790.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-bench-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-common-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-debuginfo-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-devel-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-devel-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-errmsg-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-libs-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-server-5.6.35-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-test-5.6.35-1.23.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:02", "description": "Update to 5.7.18\n\nCVEs fixed by this update can be found here:\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618 .html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "Fedora 25 : community-mysql (2017-fe6e14dcf9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3265", "CVE-2017-3308"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-FE6E14DCF9.NASL", "href": "https://www.tenable.com/plugins/nessus/99748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-fe6e14dcf9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99748);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3265\", \"CVE-2017-3308\");\n script_xref(name:\"FEDORA\", value:\"2017-fe6e14dcf9\");\n\n script_name(english:\"Fedora 25 : community-mysql (2017-fe6e14dcf9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 5.7.18\n\nCVEs fixed by this update can be found here:\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618\n.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe6e14dcf9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"community-mysql-5.7.18-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:52", "description": "Update to 5.7.18\n\nCVEs fixed by this update can be found here:\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618 .html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.7, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "Fedora 24 : community-mysql (2017-ef6bed485e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3265", "CVE-2017-3308"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-EF6BED485E.NASL", "href": "https://www.tenable.com/plugins/nessus/99747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ef6bed485e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99747);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3265\", \"CVE-2017-3308\");\n script_xref(name:\"FEDORA\", value:\"2017-ef6bed485e\");\n\n script_name(english:\"Fedora 24 : community-mysql (2017-ef6bed485e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 5.7.18\n\nCVEs fixed by this update can be found here:\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618\n.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ef6bed485e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"community-mysql-5.7.18-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:10", "description": "Update to 5.7.18\n\nCVEs fixed by this update can be found here:\nhttp://www.oracle.com/technetwork/security-ad
[SECURITY] Fedora 26 Update: mariadb-10.1.24-3.fc26
