Lucene search
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.ALA_ALAS-2014-298.NASLHistoryMar 12, 2014 - 12:00 a.m.
Amazon Linux AMI : mysql51 (ALAS-2014-298)
2014-03-1200:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
12
This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-0386 , CVE-2014-0393 , CVE-2014-0401 , CVE-2014-0402 , CVE-2014-0412 , CVE-2014-0437 , CVE-2013-5908)
A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.
(CVE-2014-0001)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-298.
#
include("compat.inc");
if (description)
{
script_id(72946);
script_version("1.4");
script_cvs_date("Date: 2018/04/18 15:09:35");
script_cve_id("CVE-2013-5908", "CVE-2014-0001", "CVE-2014-0386", "CVE-2014-0393", "CVE-2014-0401", "CVE-2014-0402", "CVE-2014-0412", "CVE-2014-0437");
script_xref(name:"ALAS", value:"2014-298");
script_xref(name:"RHSA", value:"2014:0164");
script_name(english:"Amazon Linux AMI : mysql51 (ALAS-2014-298)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes several vulnerabilities in the MySQL database
server. (CVE-2014-0386 , CVE-2014-0393 , CVE-2014-0401 , CVE-2014-0402
, CVE-2014-0412 , CVE-2014-0437 , CVE-2013-5908)
A buffer overflow flaw was found in the way the MySQL command line
client tool (mysql) processed excessively long version strings. If a
user connected to a malicious MySQL server via the mysql client, the
server could use this flaw to crash the mysql client or, potentially,
execute arbitrary code as the user running the mysql client.
(CVE-2014-0001)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2014-298.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update mysql51' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-embedded-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql51-test");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2014/03/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"mysql51-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-bench-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-common-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-debuginfo-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-devel-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-embedded-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-embedded-devel-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-libs-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-server-5.1.73-3.68.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql51-test-5.1.73-3.68.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql51 / mysql51-bench / mysql51-common / mysql51-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | mysql51 | p-cpe:/a:amazon:linux:mysql51 |
| amazon | linux | mysql51-bench | p-cpe:/a:amazon:linux:mysql51-bench |
| amazon | linux | mysql51-common | p-cpe:/a:amazon:linux:mysql51-common |
| amazon | linux | mysql51-debuginfo | p-cpe:/a:amazon:linux:mysql51-debuginfo |
| amazon | linux | mysql51-devel | p-cpe:/a:amazon:linux:mysql51-devel |
| amazon | linux | mysql51-embedded | p-cpe:/a:amazon:linux:mysql51-embedded |
| amazon | linux | mysql51-embedded-devel | p-cpe:/a:amazon:linux:mysql51-embedded-devel |
| amazon | linux | mysql51-libs | p-cpe:/a:amazon:linux:mysql51-libs |
| amazon | linux | mysql51-server | p-cpe:/a:amazon:linux:mysql51-server |
| amazon | linux | mysql51-test | p-cpe:/a:amazon:linux:mysql51-test |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437
alas.aws.amazon.com/ALAS-2014-298.html
Related
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:56:40
Denial Of Service (DoS)
2019-05-02 04:56:40
Denial Of Service (DoS)
2019-05-02 04:56:40
redhat
redhat
(RHSA-2014:0164) Moderate: mysql security and bug fix update
2014-02-12 00:00:00
(RHSA-2014:0173) Moderate: mysql55-mysql security update
2014-02-13 00:00:00
(RHSA-2014:0189) Moderate: mariadb55-mariadb security update
2014-02-19 00:00:00
openvas
openvas
RedHat Update for mysql RHSA-2014:0164-01
2014-02-13 00:00:00
RedHat Update for mysql RHSA-2014:0164-01
2014-02-13 00:00:00
Oracle: Security Advisory (ELSA-2014-0164)
2015-10-06 00:00:00
amazon
amazon
Medium: mysql51
2014-03-06 14:56:00
nessus
nessus
Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20140212)
2014-02-13 00:00:00
Oracle Linux 6 : mysql (ELSA-2014-0164)
2014-02-13 00:00:00
RHEL 6 : mysql (RHSA-2014:0164)
2014-02-13 00:00:00
oraclelinux
oraclelinux
mysql security and bug fix update
2014-02-12 00:00:00
mysql55-mysql security update
2014-02-18 00:00:00
centos
centos
mysql security update
2014-02-12 19:48:34
mysql55 security update
2014-02-19 17:28:37
mariadb55 security update
2014-02-26 15:32:19
f5
f5
SOL16389 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
K16389 : Multiple MySQL vulnerabilities
2015-07-22 00:00:00
debian
debian
[SECURITY] [DSA 2845-1] mysql-5.1 security update
2014-01-17 15:49:25
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:55
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
ubuntu
ubuntu
MySQL vulnerabilities
2014-01-21 00:00:00
MySQL vulnerabilities
2014-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mariadb-5.5.37-1.fc19
2014-04-29 05:23:30
[SECURITY] Fedora 19 Update: mariadb-5.5.39-1.fc19
2014-09-10 13:31:10
[SECURITY] Fedora 20 Update: mariadb-5.5.39-1.fc20
2014-09-10 13:30:09
mariadbunix
mariadbunix
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
cve
cve
suse
suse
Security update for MySQL (important)
2014-06-07 00:04:26
slackware
slackware
mariadb, mysql
2014-02-19 20:24:35
checkpoint_advisories
checkpoint_advisories
Oracle MySQL Client Heap Buffer Overflow (CVE-2014-0001)
2014-03-16 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2014-09-04 00:00:00
osv
osv
mysql-5.1 - security update
2014-10-22 00:00:00
mysql-5.5 - security update
2014-05-03 00:00:00
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
Oracle Critical Patch Update - April 2014
2014-04-15 00:00:00
Related for ALA_ALAS-2014-298.NASL