Lucene search
This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.ALA_ALAS-2017-927.NASLHistoryDec 07, 2017 - 12:00 a.m.
Amazon Linux AMI : mysql55 (ALAS-2017-927)
2017-12-0700:00:00
This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
www.tenable.com
15
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.(CVE-2017-10379)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10378)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10384)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.(CVE-2017-10268)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-927.
#
include("compat.inc");
if (description)
{
script_id(105051);
script_version("3.3");
script_cvs_date("Date: 2018/04/18 15:09:36");
script_cve_id("CVE-2017-10268", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
script_xref(name:"ALAS", value:"2017-927");
script_name(english:"Amazon Linux AMI : mysql55 (ALAS-2017-927)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Client programs). Easily exploitable vulnerability
allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized access to critical data or
complete access to all MySQL Server accessible data.(CVE-2017-10379)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Optimizer). Easily exploitable vulnerability
allows low privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL
Server.(CVE-2017-10378)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10384)
Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Difficult to exploit
vulnerability allows high privileged attacker with logon to the
infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all MySQL Server
accessible data.(CVE-2017-10268)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2017-927.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update mysql55' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql-config");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-test");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2017/12/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"mysql-config-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-bench-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-debuginfo-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-devel-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-embedded-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-embedded-devel-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-libs-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-server-5.5.58-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mysql55-test-5.5.58-1.19.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-config / mysql55 / mysql55-bench / mysql55-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | mysql-config | p-cpe:/a:amazon:linux:mysql-config |
| amazon | linux | mysql55 | p-cpe:/a:amazon:linux:mysql55 |
| amazon | linux | mysql55-bench | p-cpe:/a:amazon:linux:mysql55-bench |
| amazon | linux | mysql55-debuginfo | p-cpe:/a:amazon:linux:mysql55-debuginfo |
| amazon | linux | mysql55-devel | p-cpe:/a:amazon:linux:mysql55-devel |
| amazon | linux | mysql55-embedded | p-cpe:/a:amazon:linux:mysql55-embedded |
| amazon | linux | mysql55-embedded-devel | p-cpe:/a:amazon:linux:mysql55-embedded-devel |
| amazon | linux | mysql55-libs | p-cpe:/a:amazon:linux:mysql55-libs |
| amazon | linux | mysql55-server | p-cpe:/a:amazon:linux:mysql55-server |
| amazon | linux | mysql55-test | p-cpe:/a:amazon:linux:mysql55-test |
Related
nessus
nessus
SUSE SLES11 Security Update : mysql (SUSE-SU-2017:2996-1)
2017-11-13 00:00:00
MySQL 5.5.x < 5.5.58 Multiple Vulnerabilities (RPM Check) (October 2017 CPU)
2017-10-19 00:00:00
MySQL 5.5.x < 5.5.58 Multiple Vulnerabilities (October 2017 CPU)
2017-10-20 00:00:00
osv
osv
mysql-5.5 - security update
2017-10-19 00:00:00
mysql-5.5 - security update
2017-10-19 00:00:00
CVE-2017-10384
2017-10-19 17:29:05
ubuntu
ubuntu
MySQL vulnerabilities
2017-10-30 00:00:00
MySQL vulnerabilities
2017-10-23 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1141-1)
2018-02-06 00:00:00
Ubuntu: Security Advisory (USN-3459-2)
2022-08-26 00:00:00
Debian: Security Advisory (DSA-4002-1)
2017-10-18 00:00:00
debian
debian
[SECURITY] [DLA 1141-1] mysql-5.5 security update
2017-10-19 18:15:56
[SECURITY] [DSA 4002-1] mysql-5.5 security update
2017-10-19 17:20:45
[SECURITY] [DSA 4002-1] mysql-5.5 security update
2017-10-19 17:20:45
suse
suse
Security update for mysql (important)
2017-11-11 00:07:25
Security update for mysql-community-server (important)
2017-10-27 18:28:48
Security update for mariadb (important)
2018-03-15 21:07:44
amazon
amazon
Medium: mysql55
2017-12-05 21:54:00
Important: mysql56, mysql57
2017-12-05 21:50:00
Medium: mariadb
2018-09-12 22:57:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2017-12-21 21:18:18
slackware
slackware
[slackware-security] mariadb
2017-11-03 06:23:58
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.29-alt1
2017-12-06 00:00:00
f5
f5
fedora
fedora
[SECURITY] Fedora 26 Update: community-mysql-5.7.20-1.fc26
2017-11-06 23:35:05
[SECURITY] Fedora 27 Update: community-mysql-5.7.20-1.fc27
2017-11-11 13:51:45
[SECURITY] Fedora 25 Update: community-mysql-5.7.20-1.fc25
2017-11-06 23:33:59
redhat
redhat
(RHSA-2017:3265) Important: rh-mysql56-mysql security update
2017-11-27 18:24:50
(RHSA-2017:3442) Important: rh-mysql57-mysql security update
2017-12-12 12:52:23
(RHSA-2018:2439) Moderate: mariadb security and bug fix update
2018-08-16 12:46:48
ubuntucve
ubuntucve
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2017-10-19 17:29:00
Code injection
2017-10-19 17:29:00
Code injection
2017-10-19 17:29:00
alpinelinux
alpinelinux
CVE-2017-10268
2017-10-19 17:29:00
CVE-2017-10378
2017-10-19 17:29:00
mariadbunix
mariadbunix
cve
cve
debiancve
debiancve
CVE-2017-10268
2017-10-19 17:29:00
CVE-2017-10378
2017-10-19 17:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:51
Privilege Escalation
2019-05-02 06:37:50
Privilege Escalation
2019-05-02 06:37:51
oraclelinux
oraclelinux
mariadb security and bug fix update
2018-08-16 00:00:00
ibm
ibm
freebsd
freebsd
MySQL -- multiple vulnerabilities
2017-10-18 00:00:00
centos
centos
mariadb security update
2018-08-21 01:08:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2018-02-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
Related for ALA_ALAS-2017-927.NASL