Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_4FBA07CA13AA11EBB31ED4C9EF517024.NASL
HistoryOct 22, 2020 - 12:00 a.m.

FreeBSD : MySQL -- Multiple vulnerabilities (4fba07ca-13aa-11eb-b31e-d4c9ef517024)

2020-10-2200:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

Oracle reports :

This Critical Patch Update contains 48 new security patches for Oracle MySQL.

The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 8.

NOTE: MariaDB only contains CVE-2020-14812 CVE-2020-14765 CVE-2020-14776 and CVE-2020-14789

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2020 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(141793);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/02/19");

  script_cve_id("CVE-2020-14672", "CVE-2020-14760", "CVE-2020-14765", "CVE-2020-14769", "CVE-2020-14771", "CVE-2020-14773", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14804", "CVE-2020-14809", "CVE-2020-14812", "CVE-2020-14814", "CVE-2020-14821", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14848", "CVE-2020-14852", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14873", "CVE-2020-14878", "CVE-2020-14888", "CVE-2020-14891", "CVE-2020-14893");
  script_xref(name:"IAVA", value:"2020-A-0473-S");

  script_name(english:"FreeBSD : MySQL -- Multiple vulnerabilities (4fba07ca-13aa-11eb-b31e-d4c9ef517024)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Oracle reports :

This Critical Patch Update contains 48 new security patches for Oracle
MySQL.

The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
MySQL is 8.

NOTE: MariaDB only contains CVE-2020-14812 CVE-2020-14765
CVE-2020-14776 and CVE-2020-14789"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"
  );
  # https://vuxml.freebsd.org/freebsd/4fba07ca-13aa-11eb-b31e-d4c9ef517024.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?620f7075"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14878");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb103-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb104-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb105-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql56-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql57-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql80-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"mariadb103-server<10.3.26")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mariadb104-server<10.4.16")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mariadb105-server<10.5.7")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql56-server<5.6.50")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql57-server<5.7.32")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql80-server<8.0.22")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
freebsdfreebsdmariadb103-serverp-cpe:/a:freebsd:freebsd:mariadb103-server
freebsdfreebsdmariadb104-serverp-cpe:/a:freebsd:freebsd:mariadb104-server
freebsdfreebsdmariadb105-serverp-cpe:/a:freebsd:freebsd:mariadb105-server
freebsdfreebsdmysql56-serverp-cpe:/a:freebsd:freebsd:mysql56-server
freebsdfreebsdmysql57-serverp-cpe:/a:freebsd:freebsd:mysql57-server
freebsdfreebsdmysql80-serverp-cpe:/a:freebsd:freebsd:mysql80-server
freebsdfreebsdcpe:/o:freebsd:freebsd

References

Related

nessus 34
ubuntu 1
ibm 2
freebsd 1
osv 23
photon 7
fedora 12
amazon 1
mageia 1
altlinux 2
suse 3
debian 1
redhat 2
almalinux 1
oraclelinux 1
rocky 1
redhatcve 20
ubuntucve 16
cve 11
prion 16
debiancve 16
veracode 13
cbl_mariner 13
gentoo 1
nessus
nessus
Photon OS 3.0: Mysql PHSA-2020-3.0-0160
2020-11-10 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : MySQL vulnerabilities (USN-4604-1)
2020-10-27 00:00:00
MySQL 8.0.x < 8.0.22 Multiple Vulnerabilities (Oct 2020 CPU)
2020-10-22 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2020-10-27 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
2021-06-22 18:08:38
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL
2021-08-25 20:23:17
freebsd
freebsd
MySQL -- Multiple vulnerabilities
2020-10-20 00:00:00
osv
osv
mysql-5.7, mysql-8.0 vulnerabilities
2020-10-27 10:46:47
mariadb-10.1 - security update
2021-01-31 00:00:00
Moderate: mysql:8.0 security, bug fix, and enhancement update
2021-09-21 07:13:26
photon
photon
Important Photon OS Security Update - PHSA-2020-0160
2020-11-06 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0160
2020-11-06 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0294
2020-11-06 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: community-mysql-8.0.22-1.fc31
2020-11-07 00:23:11
[SECURITY] Fedora 33 Update: community-mysql-8.0.22-1.fc33
2020-11-06 01:15:28
[SECURITY] Fedora 32 Update: community-mysql-8.0.22-1.fc32
2020-11-06 01:23:03
amazon
amazon
Medium: mysql56
2021-01-12 22:51:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2020-11-08 17:14:27
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.4.17-alt1
2020-11-13 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.48-alt1
2020-12-14 00:00:00
suse
suse
Security update for mariadb (moderate)
2020-11-28 00:00:00
Security update for mariadb (important)
2020-12-15 00:00:00
Security update for mariadb (moderate)
2020-12-02 00:00:00
debian
debian
[SECURITY] [DLA 2538-1] mariadb-10.1 security update
2021-01-31 21:54:33
redhat
redhat
(RHSA-2021:3811) Moderate: rh-mysql80-mysql security, bug fix, and enhancement update
2021-10-12 13:49:17
(RHSA-2021:3590) Moderate: mysql:8.0 security, bug fix, and enhancement update
2021-09-21 07:13:26
almalinux
almalinux
Moderate: mysql:8.0 security, bug fix, and enhancement update
2021-09-21 07:13:26
oraclelinux
oraclelinux
mysql:8.0 security, bug fix, and enhancement update
2021-09-23 00:00:00
rocky
rocky
mysql:8.0 security, bug fix, and enhancement update
2021-09-21 07:13:26
redhatcve
redhatcve
CVE-2020-14760
2020-10-22 20:34:14
CVE-2020-14771
2020-10-22 20:34:19
CVE-2020-14845
2020-10-22 20:35:02
ubuntucve
ubuntucve
CVE-2020-14771
2020-10-21 00:00:00
CVE-2020-14760
2020-10-21 00:00:00
CVE-2020-14791
2020-10-21 00:00:00
cve
cve
CVE-2020-14760
2020-10-21 15:15:00
CVE-2020-14771
2020-10-21 15:15:00
CVE-2020-14785
2020-10-21 15:15:00
prion
prion
Design/Logic Flaw
2020-10-21 15:15:00
Code injection
2020-10-21 15:15:00
Code injection
2020-10-21 15:15:00
debiancve
debiancve
CVE-2020-14800
2020-10-21 15:15:00
CVE-2020-14827
2020-10-21 15:15:00
CVE-2020-14799
2020-10-21 15:15:00
veracode
veracode
Denial Of Service (DoS)
2021-10-18 14:27:22
Denial Of Service (DoS)
2020-10-28 11:03:52
Denial Of Service (DoS)
2021-10-18 14:27:23
cbl_mariner
cbl_mariner
CVE-2020-14873 affecting package mysql 8.0.21-1
2021-08-25 19:57:27
CVE-2020-14771 affecting package mysql 8.0.21-1
2021-08-25 19:57:27
CVE-2020-14836 affecting package mysql 8.0.21-1
2021-08-25 19:57:27
gentoo
gentoo
MySQL: Multiple vulnerabilities
2021-05-26 00:00:00
JSON
Related for FREEBSD_PKG_4FBA07CA13AA11EBB31ED4C9EF517024.NASL
nessus34ubuntu1ibm2freebsd1osv23photon7fedora12amazon1mageia1altlinux2suse3debian1redhat2almalinux1oraclelinux1rocky1redhatcve20ubuntucve16cve11prion16debiancve16veracode13cbl_mariner13gentoo1