Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.ALA_ALAS-2014-428.NASL
HistoryOct 20, 2014 - 12:00 a.m.

Amazon Linux AMI : mysql55 (ALAS-2014-428)

2014-10-2000:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
13
JSON

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6491)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier.
Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data. (CVE-2014-6559)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6500)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2014-6494)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-428.
#

include("compat.inc");

if (description)
{
  script_id(78558);
  script_version("1.4");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2014-6491", "CVE-2014-6494", "CVE-2014-6500", "CVE-2014-6559");
  script_xref(name:"ALAS", value:"2014-428");

  script_name(english:"Amazon Linux AMI : mysql55 (ALAS-2014-428)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected
are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable
vulnerability allows successful unauthenticated network attacks via
multiple protocols. Successful attack of this vulnerability can result
in unauthorized takeover of MySQL Server possibly including arbitrary
code execution within the MySQL Server. (CVE-2014-6491)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions
that are affected are 5.5.39 and earlier and 5.6.20 and earlier.
Difficult to exploit vulnerability allows successful unauthenticated
network attacks via multiple protocols. Successful attack of this
vulnerability can result in unauthorized read access to all MySQL
Server accessible data. (CVE-2014-6559)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected
are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable
vulnerability allows successful unauthenticated network attacks via
multiple protocols. Successful attack of this vulnerability can result
in unauthorized takeover of MySQL Server possibly including arbitrary
code execution within the MySQL Server. (CVE-2014-6500)

Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected
are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit
vulnerability allows successful unauthenticated network attacks via
multiple protocols. Successful attack of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server. (CVE-2014-6494)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2014-428.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update mysql55' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"mysql55-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-bench-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-common-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-debuginfo-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-devel-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-embedded-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-embedded-devel-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-libs-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-server-5.5.40-1.3.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-test-5.5.40-1.3.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql55 / mysql55-bench / mysql55-common / mysql55-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxmysql55p-cpe:/a:amazon:linux:mysql55
amazonlinuxmysql55-benchp-cpe:/a:amazon:linux:mysql55-bench
amazonlinuxmysql55-commonp-cpe:/a:amazon:linux:mysql55-common
amazonlinuxmysql55-debuginfop-cpe:/a:amazon:linux:mysql55-debuginfo
amazonlinuxmysql55-develp-cpe:/a:amazon:linux:mysql55-devel
amazonlinuxmysql55-embeddedp-cpe:/a:amazon:linux:mysql55-embedded
amazonlinuxmysql55-embedded-develp-cpe:/a:amazon:linux:mysql55-embedded-devel
amazonlinuxmysql55-libsp-cpe:/a:amazon:linux:mysql55-libs
amazonlinuxmysql55-serverp-cpe:/a:amazon:linux:mysql55-server
amazonlinuxmysql55-testp-cpe:/a:amazon:linux:mysql55-test
Rows per page:
1-10 of 111

Related

openvas 23
amazon 1
mariadbunix 5
ubuntucve 5
cve 5
prion 5
debiancve 4
ibm 1
nessus 23
gentoo 1
slackware 1
mageia 1
veracode 1
ubuntu 1
debian 2
osv 1
f5 2
suse 3
redhat 6
oraclelinux 2
centos 2
fedora 1
securityvulns 1
oracle 1
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-428)
2015-09-08 00:00:00
Oracle MySQL Server <= 5.5.39 / 5.6 <= 5.6.20 Security Update (cpuoct2014) - Windows
2014-10-20 00:00:00
Slackware: Security Advisory (SSA:2014-307-01)
2022-04-21 00:00:00
amazon
amazon
Important: mysql55
2014-10-16 22:14:00
mariadbunix
mariadbunix
CVE-2014-6500
2014-10-15 22:55:00
CVE-2014-6491
2014-10-15 22:55:00
CVE-2014-6559
2014-10-15 22:55:00
ubuntucve
ubuntucve
CVE-2014-6500
2014-10-15 00:00:00
CVE-2014-6491
2014-10-15 00:00:00
CVE-2014-6559
2014-10-15 00:00:00
cve
cve
CVE-2014-6491
2014-10-15 22:55:00
CVE-2014-6500
2014-10-15 22:55:00
CVE-2014-6559
2014-10-15 22:55:00
prion
prion
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
debiancve
debiancve
CVE-2014-6491
2014-10-15 22:55:00
CVE-2014-6500
2014-10-15 22:55:00
CVE-2014-6496
2014-10-15 22:55:00
ibm
ibm
Security Bulletin: InfoSphere Guardium Database Activity Monitoring vulnerable to multiple Oracle MySQL vulnerabilties
2018-06-16 21:28:16
nessus
nessus
MariaDB 5.5.0 < 5.5.40 Multiple Vulnerabilities
2022-11-18 00:00:00
GLSA-201411-02 : MySQL, MariaDB: Multiple vulnerabilities
2014-11-06 00:00:00
MariaDB 10.0.0 < 10.0.15 Multiple Vulnerabilities
2019-09-26 00:00:00
gentoo
gentoo
MySQL, MariaDB: Multiple vulnerabilities
2014-11-05 00:00:00
slackware
slackware
[slackware-security] mariadb
2014-11-04 01:25:07
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2014-10-26 00:23:09
veracode
veracode
Information Disclosure
2019-05-02 05:04:51
ubuntu
ubuntu
MySQL vulnerabilities
2014-10-15 00:00:00
debian
debian
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 16:19:38
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 15:27:13
osv
osv
mysql-5.5 - security update
2014-10-20 00:00:00
f5
f5
K15725 : Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
suse
suse
Security update for MariaDB (important)
2015-07-09 17:08:05
Security update for MySQL (important)
2015-03-28 01:04:56
Security update for mariadb (important)
2015-04-21 19:05:04
redhat
redhat
(RHSA-2014:1862) Important: mariadb55-mariadb security update
2014-11-17 00:00:00
(RHSA-2014:1940) Important: mariadb-galera security update
2014-12-02 16:44:45
(RHSA-2014:1937) Important: mariadb-galera security update
2014-12-02 16:39:58
oraclelinux
oraclelinux
mysql55-mysql security update
2014-11-17 00:00:00
mariadb security update
2014-11-17 00:00:00
centos
centos
mariadb security update
2014-11-17 17:32:07
mysql55 security update
2014-11-17 17:35:05
fedora
fedora
[SECURITY] Fedora 20 Update: mariadb-5.5.40-1.fc20
2014-12-12 04:25:50
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2014-11-03 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
JSON
Related for ALA_ALAS-2014-428.NASL
openvas23amazon1mariadbunix5ubuntucve5cve5prion5debiancve4ibm1nessus23gentoo1slackware1mageia1veracode1ubuntu1debian2osv1f52suse3redhat6oraclelinux2centos2fedora1securityvulns1oracle1