F5 Networks BIG-IP Multiple MySQL vulnerabilities CVE-2013-5908, CVE-2014-0401, 2014-0437, 2014-0393, 2014-0386, 2014-0412, 2014-0402 scanne
Reporter | Title | Published | Views | Family All 146 |
---|---|---|---|---|
OpenVAS | Debian Security Advisory DSA 2845-1 (mysql-5.1 - several vulnerabilities) | 17 Jan 201400:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-2845-1) | 16 Jan 201400:00 | – | openvas |
OpenVAS | CentOS Update for mysql CESA-2014:0164 centos6 | 17 Feb 201400:00 | – | openvas |
OpenVAS | Amazon Linux: Security Advisory (ALAS-2014-298) | 8 Sep 201500:00 | – | openvas |
OpenVAS | RedHat Update for mysql RHSA-2014:0164-01 | 13 Feb 201400:00 | – | openvas |
OpenVAS | RedHat Update for mysql RHSA-2014:0164-01 | 13 Feb 201400:00 | – | openvas |
OpenVAS | Oracle: Security Advisory (ELSA-2014-0164) | 6 Oct 201500:00 | – | openvas |
OpenVAS | CentOS Update for mysql CESA-2014:0164 centos6 | 17 Feb 201400:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-2086-1) | 27 Jan 201400:00 | – | openvas |
OpenVAS | Debian Security Advisory DSA 2848-1 (mysql-5.5 - several vulnerabilities) | 23 Jan 201400:00 | – | openvas |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K16389.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(82672);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");
script_cve_id("CVE-2013-5908", "CVE-2014-0386", "CVE-2014-0393", "CVE-2014-0401", "CVE-2014-0402", "CVE-2014-0412", "CVE-2014-0437");
script_bugtraq_id(64849, 64877, 64880, 64896, 64898, 64904, 64908);
script_name(english:"F5 Networks BIG-IP : Multiple MySQL vulnerabilities (K16389)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"CVE-2013-5908 Unspecified vulnerability in the MySQL Server component
in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and
earlier allows remote attackers to affect availability via unknown
vectors related to Error Handling.
CVE-2014-0401 Unspecified vulnerability in the MySQL Server component
in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and
earlier allows remote authenticated users to affect availability via
unknown vectors.
CVE-2014-0437 Unspecified vulnerability in the MySQL Server component
in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and
earlier allows remote authenticated users to affect availability via
unknown vectors related to Optimizer.
CVE-2014-0393 Unspecified vulnerability in the MySQL Server component
in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and
earlier allows remote authenticated users to affect integrity via
unknown vectors related to InnoDB.
CVE-2014-0386 Unspecified vulnerability in the MySQL Server component
in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and
earlier allows remote authenticated users to affect availability via
unknown vectors related to Optimizer.
CVE-2014-0412 Unspecified vulnerability in the MySQL Server component
in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and
earlier allows remote authenticated users to affect availability via
unknown vectors related to InnoDB.
CVE-2014-0402 Unspecified vulnerability in the MySQL Server component
in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and
earlier allows remote authenticated users to affect availability via
unknown vectors related to Locking."
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K16389"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K16389."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/15");
script_set_attribute(attribute:"patch_publication_date", value:"2015/04/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/10");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "K16389";
vmatrix = make_array();
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.5.2");
vmatrix["AFM"]["unaffected"] = make_list("11.6.0");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("11.4.0-11.5.2");
vmatrix["AM"]["unaffected"] = make_list("11.6.0");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("11.0.0-11.5.2","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("11.6.0");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.5.2","10.0.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("11.6.0");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.5.2");
vmatrix["AVR"]["unaffected"] = make_list("11.6.0");
# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("11.0.0-11.5.2","10.0.0-10.2.4");
vmatrix["GTM"]["unaffected"] = make_list("11.6.0");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("11.0.0-11.5.2","10.0.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("11.6.0");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.5.2","10.0.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("11.6.0");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.5.2");
vmatrix["PEM"]["unaffected"] = make_list("11.6.0");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo