Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_56BA4513A1BE11EB9072D4C9EF517024.NASL
HistoryApr 21, 2021 - 12:00 a.m.

FreeBSD : MySQL -- Multiple vulnerabilities (56ba4513-a1be-11eb-9072-d4c9ef517024)

2021-04-2100:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

7.5 High

AI Score

Confidence

Low

JSON

Oracle reports :

This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8.

MariaDB is affected by CVE-2021-2166 and CVE-2021-2154 only

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2021 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(148869);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/03");

  script_cve_id(
    "CVE-2020-1971",
    "CVE-2020-28196",
    "CVE-2020-8277",
    "CVE-2021-2144",
    "CVE-2021-2146",
    "CVE-2021-2154",
    "CVE-2021-2160",
    "CVE-2021-2162",
    "CVE-2021-2164",
    "CVE-2021-2166",
    "CVE-2021-2169",
    "CVE-2021-2170",
    "CVE-2021-2171",
    "CVE-2021-2172",
    "CVE-2021-2174",
    "CVE-2021-2178",
    "CVE-2021-2179",
    "CVE-2021-2180",
    "CVE-2021-2193",
    "CVE-2021-2194",
    "CVE-2021-2196",
    "CVE-2021-2201",
    "CVE-2021-2202",
    "CVE-2021-2203",
    "CVE-2021-2208",
    "CVE-2021-2212",
    "CVE-2021-2213",
    "CVE-2021-2215",
    "CVE-2021-2217",
    "CVE-2021-2226",
    "CVE-2021-2230",
    "CVE-2021-2232",
    "CVE-2021-2278",
    "CVE-2021-2293",
    "CVE-2021-2298",
    "CVE-2021-2299",
    "CVE-2021-2300",
    "CVE-2021-2301",
    "CVE-2021-2304",
    "CVE-2021-2305",
    "CVE-2021-2307",
    "CVE-2021-2308",
    "CVE-2021-23841",
    "CVE-2021-3449"
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"FreeBSD : MySQL -- Multiple vulnerabilities (56ba4513-a1be-11eb-9072-d4c9ef517024)");

  script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related
updates.");
  script_set_attribute(attribute:"description", value:
"Oracle reports :

This Critical Patch Update contains 49 new security patches for Oracle
MySQL. 10 of these vulnerabilities may be remotely exploitable without
authentication, i.e., may be exploited over a network without
requiring user credentials. The highest CVSS v3.1 Base Score of
vulnerabilities affecting Oracle MySQL is 9.8.

MariaDB is affected by CVE-2021-2166 and CVE-2021-2154 only");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2021.html");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-10510-release-notes/");
  # https://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?749306cb");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-2144");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb103-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb104-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb105-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql56-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql57-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql80-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FreeBSD Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"mariadb103-server<10.3.29")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mariadb104-server<10.4.19")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mariadb105-server<10.5.10")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql56-server<5.6.52")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql57-server<5.7.34")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql80-server<8.0.24")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
freebsdfreebsdmariadb103-serverp-cpe:/a:freebsd:freebsd:mariadb103-server
freebsdfreebsdmariadb104-serverp-cpe:/a:freebsd:freebsd:mariadb104-server
freebsdfreebsdmariadb105-serverp-cpe:/a:freebsd:freebsd:mariadb105-server
freebsdfreebsdmysql56-serverp-cpe:/a:freebsd:freebsd:mysql56-server
freebsdfreebsdmysql57-serverp-cpe:/a:freebsd:freebsd:mysql57-server
freebsdfreebsdmysql80-serverp-cpe:/a:freebsd:freebsd:mysql80-server
freebsdfreebsdcpe:/o:freebsd:freebsd

References

Related

freebsd 1
nessus 56
photon 8
ubuntu 4
openvas 42
osv 12
ibm 11
fedora 9
gentoo 4
suse 6
mageia 2
archlinux 2
altlinux 3
kaspersky 1
ubuntucve 5
veracode 3
redhatcve 4
oraclelinux 2
almalinux 2
debian 1
cve 5
cbl_mariner 4
debiancve 4
prion 5
rocky 1
alpinelinux 1
githubexploit 1
freebsd
freebsd
MySQL -- Multiple vulnerabilities
2021-04-20 00:00:00
nessus
nessus
MySQL 8.0.x < 8.0.24 Multiple Vulnerabilities (Apr 2021 CPU)
2021-04-22 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : MySQL vulnerabilities (USN-4952-1)
2021-05-13 00:00:00
Photon OS 3.0: Mysql PHSA-2021-3.0-0231
2021-05-05 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0018
2021-04-27 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0231
2021-05-04 00:00:00
Moderate Photon OS Security Update - PHSA-2021-3.0-0231
2021-05-04 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2021-05-12 00:00:00
MySQL vulnerabilities
2021-10-07 00:00:00
OpenSSL vulnerabilities
2021-02-23 00:00:00
openvas
openvas
Oracle MySQL Server 8.0 <= 8.0.23 Security Update (cpuapr2021) - Linux
2021-04-21 00:00:00
Ubuntu: Security Advisory (USN-4952-1)
2021-05-13 00:00:00
Oracle MySQL Server 8.0 <= 8.0.23 Security Update (cpuapr2021) - Windows
2021-04-21 00:00:00
osv
osv
mysql-5.7, mysql-8.0 vulnerabilities
2021-05-12 16:53:36
mysql-5.7 vulnerabilities
2021-10-07 16:48:49
openssl vulnerabilities
2021-02-23 19:33:18
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a Oracle MySQL vulnerabilities
2021-11-04 15:49:21
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
2021-07-14 18:41:07
Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2020-1971, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
2021-06-29 13:35:06
fedora
fedora
[SECURITY] Fedora 32 Update: community-mysql-8.0.24-1.fc32
2021-05-12 05:35:48
[SECURITY] Fedora 34 Update: community-mysql-8.0.24-1.fc34
2021-05-12 05:44:46
[SECURITY] Fedora 33 Update: community-mysql-8.0.24-1.fc33
2021-05-12 16:13:39
gentoo
gentoo
MariaDB: Multiple vulnerabilities
2021-05-26 00:00:00
OpenSSL: Multiple vulnerabilities
2021-03-31 00:00:00
MIT Kerberos 5: Denial of service
2020-11-16 00:00:00
suse
suse
Security update for mariadb (important)
2021-08-05 00:00:00
Security update for mariadb (important)
2021-08-04 00:00:00
Security update for mariadb (important)
2021-08-05 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2021-05-12 12:56:40
Updated krb5 packages fix a security vulnerability
2021-01-14 18:13:25
archlinux
archlinux
[ASA-202105-14] mariadb: denial of service
2021-05-19 00:00:00
[ASA-202011-18] c-ares: denial of service
2020-11-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.4.20-alt1
2021-07-14 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt1
2020-11-24 00:00:00
Security fix for the ALT Linux 9 package node version 14.15.1-alt1
2020-11-26 00:00:00
kaspersky
kaspersky
KLA12311 Multiple vulnerabilities in Microsoft Developer Tools
2021-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2021-2278
2021-04-22 00:00:00
CVE-2021-2298
2021-04-22 00:00:00
CVE-2020-28196
2020-11-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-10-18 14:27:53
Denial Of Service
2020-11-24 10:12:56
Denial Of Service (DoS)
2020-12-02 09:51:12
redhatcve
redhatcve
CVE-2021-2293
2021-04-20 20:44:47
CVE-2020-28196
2020-11-24 11:22:53
CVE-2021-2278
2021-04-20 20:44:10
oraclelinux
oraclelinux
krb5 security update
2021-06-11 00:00:00
krb5 security update
2021-05-25 00:00:00
almalinux
almalinux
Moderate: krb5 security update
2021-05-18 05:36:22
Moderate: mysql:8.0 security, bug fix, and enhancement update
2021-09-21 07:13:26
debian
debian
[SECURITY] [DSA 4795-1] krb5 security update
2020-11-21 18:19:03
cve
cve
CVE-2020-28196
2020-11-06 08:15:00
CVE-2021-2217
2021-04-22 22:15:00
CVE-2021-2278
2021-04-22 22:15:00
cbl_mariner
cbl_mariner
CVE-2020-28196 affecting package krb5 1.17-4
2021-11-03 19:21:15
CVE-2021-2293 affecting package mysql 8.0.23-1
2021-08-25 19:57:27
CVE-2021-2217 affecting package mysql 8.0.23-1
2021-08-25 19:57:27
debiancve
debiancve
CVE-2021-2298
2021-04-22 22:15:00
CVE-2021-2278
2021-04-22 22:15:00
CVE-2021-2293
2021-04-22 22:15:00
prion
prion
Code injection
2020-11-06 08:15:00
Code injection
2021-04-22 22:15:00
Code injection
2021-04-22 22:15:00
rocky
rocky
krb5 security update
2021-05-18 05:36:22
alpinelinux
alpinelinux
CVE-2020-28196
2020-11-06 08:15:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Nodejs Node.Js
2020-11-18 10:57:13

7.5 High

AI Score

Confidence

Low

JSON
Related for FREEBSD_PKG_56BA4513A1BE11EB9072D4C9EF517024.NASL
freebsd1nessus56photon8ubuntu4openvas42osv12ibm11fedora9gentoo4suse6mageia2archlinux2altlinux3kaspersky1ubuntucve5veracode3redhatcve4oraclelinux2almalinux2debian1cve5cbl_mariner4debiancve4prion5rocky1alpinelinux1githubexploit1