Lucene search
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2013-0772.NASLHistoryApr 30, 2013 - 12:00 a.m.
CentOS 6 : mysql (CESA-2013:0772)
2013-04-3000:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392)
These updated packages upgrade MySQL to version 5.1.69. Refer to the MySQL release notes listed in the References section for a full list of changes.
All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0772 and
# CentOS Errata and Security Advisory 2013:0772 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(66257);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2012-5614", "CVE-2013-1506", "CVE-2013-1521", "CVE-2013-1531", "CVE-2013-1532", "CVE-2013-1544", "CVE-2013-1548", "CVE-2013-1552", "CVE-2013-1555", "CVE-2013-2375", "CVE-2013-2378", "CVE-2013-2389", "CVE-2013-2391", "CVE-2013-2392", "CVE-2013-3808");
script_bugtraq_id(56776, 59180, 59188, 59196, 59202, 59207, 59209, 59210, 59211, 59223, 59224, 59229, 59237, 59242);
script_xref(name:"RHSA", value:"2013:0772");
script_name(english:"CentOS 6 : mysql (CESA-2013:0772)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated mysql packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
MySQL is a multi-user, multi-threaded SQL database server. It consists
of the MySQL server daemon (mysqld) and many client programs and
libraries.
This update fixes several vulnerabilities in the MySQL database
server. Information about these flaws can be found on the Oracle
Critical Patch Update Advisory page, listed in the References section.
(CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531,
CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552,
CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389,
CVE-2013-2391, CVE-2013-2392)
These updated packages upgrade MySQL to version 5.1.69. Refer to the
MySQL release notes listed in the References section for a full list
of changes.
All MySQL users should upgrade to these updated packages, which
correct these issues. After installing this update, the MySQL server
daemon (mysqld) will be restarted automatically."
);
# https://lists.centos.org/pipermail/centos-announce/2013-April/019707.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?eb64d61e"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected mysql packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1521");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-embedded-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-test");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/03");
script_set_attribute(attribute:"patch_publication_date", value:"2013/04/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-6", reference:"mysql-5.1.69-1.el6_4")) flag++;
if (rpm_check(release:"CentOS-6", reference:"mysql-bench-5.1.69-1.el6_4")) flag++;
if (rpm_check(release:"CentOS-6", reference:"mysql-devel-5.1.69-1.el6_4")) flag++;
if (rpm_check(release:"CentOS-6", reference:"mysql-embedded-5.1.69-1.el6_4")) flag++;
if (rpm_check(release:"CentOS-6", reference:"mysql-embedded-devel-5.1.69-1.el6_4")) flag++;
if (rpm_check(release:"CentOS-6", reference:"mysql-libs-5.1.69-1.el6_4")) flag++;
if (rpm_check(release:"CentOS-6", reference:"mysql-server-5.1.69-1.el6_4")) flag++;
if (rpm_check(release:"CentOS-6", reference:"mysql-test-5.1.69-1.el6_4")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-embedded / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| centos | centos | mysql | p-cpe:/a:centos:centos:mysql |
| centos | centos | mysql-bench | p-cpe:/a:centos:centos:mysql-bench |
| centos | centos | mysql-devel | p-cpe:/a:centos:centos:mysql-devel |
| centos | centos | mysql-embedded | p-cpe:/a:centos:centos:mysql-embedded |
| centos | centos | mysql-embedded-devel | p-cpe:/a:centos:centos:mysql-embedded-devel |
| centos | centos | mysql-libs | p-cpe:/a:centos:centos:mysql-libs |
| centos | centos | mysql-server | p-cpe:/a:centos:centos:mysql-server |
| centos | centos | mysql-test | p-cpe:/a:centos:centos:mysql-test |
| centos | centos | 6 | cpe:/o:centos:centos:6 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1544
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3808
www.nessus.org/u?eb64d61e
Related
nessus
nessus
Oracle Linux 6 : mysql (ELSA-2013-0772)
2013-07-12 00:00:00
MySQL 5.1 < 5.1.69 Multiple Vulnerabilities
2013-04-22 00:00:00
Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20130425)
2013-04-26 00:00:00
veracode
veracode
Improper Access Control
2019-05-02 04:44:49
Authentication Bypass
2019-05-02 04:44:50
Improper Access Control
2019-05-02 04:44:49
openvas
openvas
CentOS Update for mysql CESA-2013:0772 centos6
2013-05-02 00:00:00
Oracle: Security Advisory (ELSA-2013-0772)
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-187)
2015-09-08 00:00:00
centos
centos
mysql security update
2013-04-25 20:16:01
redhat
redhat
(RHSA-2013:0772) Important: mysql security update
2013-04-25 00:00:00
amazon
amazon
Important: mysql51
2013-04-25 20:40:00
Important: mysql55
2013-04-25 20:40:00
oraclelinux
oraclelinux
mysql security update
2013-04-25 00:00:00
debian
debian
[SECURITY] [DSA 2667-1] mysql-5.5 security update
2013-05-12 19:35:40
ubuntu
ubuntu
MySQL vulnerabilities
2013-04-25 00:00:00
MySQL vulnerabilities
2013-04-25 00:00:00
mariadbunix
mariadbunix
cve
cve
ubuntucve
ubuntucve
packetstorm
packetstorm
Oracle MySQL 5.5.19-log Denial Of Service
2012-12-03 00:00:00
prion
prion
Design/Logic Flaw
2013-04-17 12:14:00
Command injection
2012-12-03 12:49:00
Design/Logic Flaw
2013-07-17 13:41:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
thn
thn
Multiple MySQL database Zero-day vulnerabilities published
2012-12-03 13:54:00
securityvulns
securityvulns
MySQL multiple security vulnerabilities
2012-12-07 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00
threatpost
threatpost
Experts Downplay MySQL Database Zero-Days
2012-12-03 19:31:06
suse
suse
Security update for MySQL (important)
2013-08-30 00:04:13
Security update for mysql, mysql-client (important)
2013-10-07 22:04:14
Related for CENTOS_RHSA-2013-0772.NASL