Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2010-11135.NASL
HistoryJul 27, 2010 - 12:00 a.m.

Fedora 13 : mysql-5.1.48-2.fc13 (2010-11135)

2010-07-2700:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON
  • Update to MySQL 5.1.48, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html including a fix for CVE-2010-2008 Related: #614214 - Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and
    -embedded subpackages, to ensure they are available when any subset of mysql RPMs are installed, per revised packaging guidelines - Allow init script’s STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig Related: #609734

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-11135.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(47840);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2010-2008");
  script_bugtraq_id(40100, 40106, 40109, 41198);
  script_xref(name:"FEDORA", value:"2010-11135");

  script_name(english:"Fedora 13 : mysql-5.1.48-2.fc13 (2010-11135)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Update to MySQL 5.1.48, for various fixes described at
    http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
    including a fix for CVE-2010-2008 Related: #614214 -
    Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and
    -embedded subpackages, to ensure they are available when
    any subset of mysql RPMs are installed, per revised
    packaging guidelines - Allow init script's
    STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig
    Related: #609734

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=614214"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d544d065"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected mysql package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC13", reference:"mysql-5.1.48-2.fc13")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");
}
VendorProductVersionCPE
fedoraprojectfedoramysqlp-cpe:/a:fedoraproject:fedora:mysql
fedoraprojectfedora13cpe:/o:fedoraproject:fedora:13

Related

openvas 17
nessus 7
nvd 1
cve 1
ubuntucve 1
prion 1
cvelist 1
fedora 3
securityvulns 3
ubuntu 2
gentoo 1
openvas
openvas
Mandriva Update for mysql MDVSA-2010:155 (mysql)
2010-08-24 00:00:00
MySQL 'ALTER DATABASE' Remote DoS Vulnerability
2010-07-19 00:00:00
Mandriva Update for mysql MDVSA-2010:155 (mysql)
2010-08-24 00:00:00
nessus
nessus
MySQL Community Server < 5.1.48 Denial of Service
2010-06-29 00:00:00
Fedora 12 : mysql-5.1.47-2.fc12 (2010-11126)
2010-08-03 00:00:00
Mandriva Linux Security Advisory : mysql (MDVSA-2010:155-1)
2010-08-23 00:00:00
nvd
nvd
CVE-2010-2008
2010-07-13 20:30:01
cve
cve
CVE-2010-2008
2010-07-13 20:30:01
ubuntucve
ubuntucve
CVE-2010-2008
2010-07-13 00:00:00
prion
prion
Command injection
2010-07-13 20:30:00
cvelist
cvelist
CVE-2010-2008
2010-07-13 20:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: mysql-5.1.48-2.fc13
2010-07-27 02:41:30
[SECURITY] Fedora 12 Update: mysql-5.1.47-2.fc12
2010-08-03 00:36:28
[SECURITY] Fedora 13 Update: mysql-5.1.50-2.fc13
2010-10-05 09:34:37
securityvulns
securityvulns
[ MDVSA-2010:155-1 ] mysql
2010-11-09 00:00:00
[USN-1017-1] MySQL vulnerabilities
2010-11-15 00:00:00
MySQL multiple security vulnerabilities
2010-11-15 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2010-11-11 00:00:00
MySQL vulnerabilities
2012-03-12 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2012-01-05 00:00:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON
Related for FEDORA_2010-11135.NASL
openvas17nessus7nvd1cve1ubuntucve1prion1cvelist1fedora3securityvulns3ubuntu2gentoo1