Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-1478.NASL
HistoryJan 30, 2008 - 12:00 a.m.

Debian DSA-1478-1 : mysql-dfsg-5.0 - buffer overflows

2008-01-3000:00:00
This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON

Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1478. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(30125);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2008-0226", "CVE-2008-0227");
  script_xref(name:"DSA", value:"1478");

  script_name(english:"Debian DSA-1478-1 : mysql-dfsg-5.0 - buffer overflows");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL
implementation included in the MySQL database package, which could
lead to denial of service and possibly the execution of arbitrary
code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1478"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the mysql-dfsg-5.0 package.

The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.

For the stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch5."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL SSL Hello Message Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"libmysqlclient15-dev", reference:"5.0.32-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"libmysqlclient15off", reference:"5.0.32-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"mysql-client", reference:"5.0.32-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"mysql-client-5.0", reference:"5.0.32-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"mysql-common", reference:"5.0.32-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"mysql-server", reference:"5.0.32-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"mysql-server-4.1", reference:"5.0.32-7etch5")) flag++;
if (deb_check(release:"4.0", prefix:"mysql-server-5.0", reference:"5.0.32-7etch5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxmysql-dfsg-5.0p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0
debiandebian_linux4.0cpe:/o:debian:debian_linux:4.0

Related

openvas 10
debian 1
nessus 6
altlinux 1
osv 1
ubuntu 2
saint 4
ubuntucve 2
cve 2
cvelist 2
redhatcve 2
packetstorm 2
prion 2
nvd 2
checkpoint_advisories 1
openvas
openvas
Debian Security Advisory DSA 1478-1 (mysql-dfsg-5.0)
2008-01-31 00:00:00
Debian: Security Advisory (DSA-1478-1)
2008-01-31 00:00:00
Mandriva Update for mysql MDVSA-2008:150 (mysql)
2009-04-09 00:00:00
debian
debian
[SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
2008-01-28 20:20:18
nessus
nessus
yaSSL 1.7.5 Buffer Overflow
2012-01-16 00:00:00
Mandriva Linux Security Advisory : mysql (MDVSA-2008:150)
2009-04-23 00:00:00
Ubuntu 6.06 LTS : mysql-dfsg-5.0 regression (USN-588-2)
2008-04-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package MySQL version 5.0.51-alt2.a
2008-03-16 00:00:00
osv
osv
mysql-dfsg-5.0 - buffer overflows
2008-01-28 00:00:00
ubuntu
ubuntu
MySQL regression
2008-04-02 00:00:00
MySQL vulnerabilities
2008-03-19 00:00:00
saint
saint
MySQL yaSSL SSL Hello message buffer overflow
2008-03-10 00:00:00
MySQL yaSSL SSL Hello message buffer overflow
2008-03-10 00:00:00
MySQL yaSSL SSL Hello message buffer overflow
2008-03-10 00:00:00
ubuntucve
ubuntucve
CVE-2008-0226
2008-01-10 00:00:00
CVE-2008-0227
2008-01-10 00:00:00
cve
cve
CVE-2008-0226
2008-01-10 23:46:00
CVE-2008-0227
2008-01-10 23:46:00
cvelist
cvelist
CVE-2008-0226
2008-01-10 23:00:00
CVE-2008-0227
2008-01-10 23:00:00
redhatcve
redhatcve
CVE-2008-0227
2015-10-30 10:34:04
CVE-2008-0226
2015-10-30 10:34:08
packetstorm
packetstorm
MySQL yaSSL SSL Hello Message Buffer Overflow
2009-10-27 00:00:00
MySQL yaSSL SSL Hello Message Buffer Overflow
2010-01-27 00:00:00
prion
prion
Code injection
2008-01-10 23:46:00
Buffer overflow
2008-01-10 23:46:00
nvd
nvd
CVE-2008-0227
2008-01-10 23:46:00
CVE-2008-0226
2008-01-10 23:46:00
checkpoint_advisories
checkpoint_advisories
MySQL yaSSL SSL Hello Message Buffer Overflow (CVE-2008-0226)
2009-11-10 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON
Related for DEBIAN_DSA-1478.NASL
openvas10debian1nessus6altlinux1osv1ubuntu2saint4ubuntucve2cve2cvelist2redhatcve2packetstorm2prion2nvd2checkpoint_advisories1