Lucene search
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.ALA_ALAS-2012-93.NASLHistorySep 04, 2013 - 12:00 a.m.
Amazon Linux AMI : mysql55 (ALAS-2012-93)
2013-09-0400:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
58
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-93.
#
include("compat.inc");
if (description)
{
script_id(69700);
script_version("1.6");
script_cvs_date("Date: 2018/04/18 15:09:34");
script_cve_id("CVE-2012-2122");
script_xref(name:"ALAS", value:"2012-93");
script_name(english:"Amazon Linux AMI : mysql55 (ALAS-2012-93)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before
5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x
before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when
running in certain environments with certain implementations of the
memcmp function, allows remote attackers to bypass authentication by
repeatedly authenticating with the same incorrect password, which
eventually causes a token comparison to succeed due to an
improperly-checked return value."
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2012-93.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update mysql55' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-test");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2012/07/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"mysql55-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-bench-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-common-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-debuginfo-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-devel-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-embedded-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-embedded-devel-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-libs-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-server-5.5.24-1.24.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-test-5.5.24-1.24.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql55 / mysql55-bench / mysql55-common / mysql55-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | mysql55 | p-cpe:/a:amazon:linux:mysql55 |
| amazon | linux | mysql55-bench | p-cpe:/a:amazon:linux:mysql55-bench |
| amazon | linux | mysql55-common | p-cpe:/a:amazon:linux:mysql55-common |
| amazon | linux | mysql55-debuginfo | p-cpe:/a:amazon:linux:mysql55-debuginfo |
| amazon | linux | mysql55-devel | p-cpe:/a:amazon:linux:mysql55-devel |
| amazon | linux | mysql55-embedded | p-cpe:/a:amazon:linux:mysql55-embedded |
| amazon | linux | mysql55-embedded-devel | p-cpe:/a:amazon:linux:mysql55-embedded-devel |
| amazon | linux | mysql55-libs | p-cpe:/a:amazon:linux:mysql55-libs |
| amazon | linux | mysql55-server | p-cpe:/a:amazon:linux:mysql55-server |
| amazon | linux | mysql55-test | p-cpe:/a:amazon:linux:mysql55-test |
Related
canvas
canvas
Immunity Canvas: MYSQL_LOGIN_REMOTE
2012-06-26 18:55:00
securityvulns
securityvulns
[USN-1467-1] MySQL vulnerabilities
2012-06-12 00:00:00
MySQL authentication vulnerability
2012-06-12 00:00:00
ubuntucve
ubuntucve
CVE-2012-2122
2012-06-11 00:00:00
openvas
openvas
openSUSE: Security Advisory for mysql (openSUSE-SU-2012:0860-1)
2012-12-13 00:00:00
Fedora Update for mysql FEDORA-2012-9308
2012-08-30 00:00:00
Fedora Update for mysql FEDORA-2012-9308
2012-08-30 00:00:00
nessus
nessus
openSUSE Security Update : mysql-cluster (openSUSE-SU-2012:0860-1)
2014-06-13 00:00:00
Fedora 16 : mysql-5.5.24-1.fc16 (2012-9324)
2012-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: mysql-5.5.24-1.fc17
2012-06-17 22:24:29
[SECURITY] Fedora 16 Update: mysql-5.5.24-1.fc16
2012-06-26 21:30:56
[SECURITY] Fedora 17 Update: mysql-5.5.28-2.fc17
2012-12-15 18:00:29
packetstorm
packetstorm
Kartoo Search Engine XSS / Remote File Inclusion
2013-11-19 00:00:00
MySQL Remote Root Authentication Bypass
2012-06-12 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2012-06-11 00:00:00
checkpoint_advisories
checkpoint_advisories
MySQL and MariaDB Incorrect Cast Policy Bypass - Ver2 (CVE-2012-2122)
2015-03-26 00:00:00
prion
prion
Authentication flaw
2012-06-26 18:55:00
osv
osv
mysql-5.1 - several
2012-06-18 00:00:00
suse
suse
mysql (CVE-2012-2122) (important)
2012-07-11 11:08:34
Security update for MySQL (important)
2012-08-13 19:08:39
seebug
seebug
MariaDB/MySQL ๆฆ็ๆงไปปๆๅฏ็ (่บซไปฝ่ฎค่ฏ)็ปๅฝๆผๆด(CVE-2012-2122)
2012-06-11 00:00:00
metasploit
metasploit
MySQL Authentication Bypass Password Dump
2012-06-17 11:19:53
f5
f5
K14428 : MySQL vulnerability CVE-2012-2122
2013-09-23 00:00:00
SOL14428 - MySQL vulnerability CVE-2012-2122
2013-05-23 00:00:00
amazon
amazon
Important: mysql55
2012-07-05 16:07:00
cve
cve
CVE-2012-2122
2012-06-26 18:55:00
thn
thn
CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability
2012-06-11 07:29:00
threatpost
threatpost
Trivial Password Flaw Leaves MySQL Databases Exposed
2012-06-11 14:03:23
veracode
veracode
Privilege Escalation
2021-08-28 21:30:09
exploitdb
exploitdb
HackBack - A DIY Guide
2016-04-17 00:00:00
nmap
nmap
mysql-vuln-cve2012-2122 NSE Script
2012-06-13 06:12:13
oraclelinux
oraclelinux
mysql security update
2013-01-22 00:00:00
centos
centos
mysql security update
2013-01-22 21:34:28
mysql security update
2012-11-15 03:44:02
redhat
redhat
(RHSA-2013:0180) Important: mysql security update
2013-01-22 00:00:00
(RHSA-2012:1462) Important: mysql security update
2012-11-14 00:00:00
debian
debian
[SECURITY] [DSA 2496-1] mysql-5.1 security update
2012-06-18 20:37:59
kitploit
kitploit
Jok3R - Network And Web Pentest Framework
2019-01-23 12:25:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
Related for ALA_ALAS-2012-93.NASL