Lucene search
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_622B5C47855B11EAA5E2D4C9EF517024.NASLHistoryApr 24, 2020 - 12:00 a.m.
FreeBSD : MySQL Client -- Multiple vulerabilities (622b5c47-855b-11ea-a5e2-d4c9ef517024)
2020-04-2400:00:00
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
7 High
AI Score
Confidence
Low
Oracle reports :
This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2020 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include('compat.inc');
if (description)
{
script_id(135942);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/01");
script_cve_id(
"CVE-2020-2752",
"CVE-2020-2875",
"CVE-2020-2922",
"CVE-2020-2933",
"CVE-2020-2934"
);
script_xref(name:"IAVA", value:"2020-A-0143-S");
script_name(english:"FreeBSD : MySQL Client -- Multiple vulerabilities (622b5c47-855b-11ea-a5e2-d4c9ef517024)");
script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related
updates.");
script_set_attribute(attribute:"description", value:
"Oracle reports :
This Critical Patch Update contains 45 new security patches for Oracle
MySQL. 9 of these vulnerabilities may be remotely exploitable without
authentication, i.e., may be exploited over a network without
requiring user credentials.");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2020.html");
# https://vuxml.freebsd.org/freebsd/622b5c47-855b-11ea-a5e2-d4c9ef517024.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6b429f05");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2934");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql-connector-c");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql-connector-c++");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql-connector-java");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql56-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql57-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql80-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:percona55-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:percona56-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:percona57-client");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"FreeBSD Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (pkg_test(save_report:TRUE, pkg:"mysql56-client<5.6.48")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql57-client<5.7.30")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql80-client<8.0.20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql-connector-c<8.0.20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql-connector-c++<8.0.20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"mysql-connector-java<8.0.20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"percona55-client<5.5.68")) flag++;
if (pkg_test(save_report:TRUE, pkg:"percona56-client<5.6.48")) flag++;
if (pkg_test(save_report:TRUE, pkg:"percona57-client<5.7.30")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| freebsd | freebsd | mysql-connector-c | p-cpe:/a:freebsd:freebsd:mysql-connector-c |
| freebsd | freebsd | mysql-connector-c%2b%2b | p-cpe:/a:freebsd:freebsd:mysql-connector-c%2b%2b |
| freebsd | freebsd | mysql-connector-java | p-cpe:/a:freebsd:freebsd:mysql-connector-java |
| freebsd | freebsd | mysql56-client | p-cpe:/a:freebsd:freebsd:mysql56-client |
| freebsd | freebsd | mysql57-client | p-cpe:/a:freebsd:freebsd:mysql57-client |
| freebsd | freebsd | mysql80-client | p-cpe:/a:freebsd:freebsd:mysql80-client |
| freebsd | freebsd | percona55-client | p-cpe:/a:freebsd:freebsd:percona55-client |
| freebsd | freebsd | percona56-client | p-cpe:/a:freebsd:freebsd:percona56-client |
| freebsd | freebsd | percona57-client | p-cpe:/a:freebsd:freebsd:percona57-client |
| freebsd | freebsd | cpe:/o:freebsd:freebsd |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2922
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934
www.nessus.org/u?6b429f05
www.oracle.com/security-alerts/cpujan2020.html
Related
freebsd
freebsd
MySQL Client -- Multiple vulerabilities
2020-04-14 00:00:00
nessus
nessus
Oracle MySQL Connectors (Apr 2020 CPU)
2020-04-15 00:00:00
SUSE SLED12 / SLES12 Security Update : mysql-connector-java (SUSE-SU-2021:2877-1)
2021-08-31 00:00:00
openSUSE 15 Security Update : mysql-connector-java (openSUSE-SU-2021:2622-1)
2021-08-06 00:00:00
openvas
openvas
Debian LTS: Security Advisory for mysql-connector-java (DLA-2245-1)
2020-06-12 00:00:00
Debian: Security Advisory for mysql-connector-java (DSA-4703-1)
2020-06-12 00:00:00
Fedora: Security Advisory for galera (FEDORA-2020-35f52d9370)
2020-06-23 00:00:00
debian
debian
[SECURITY] [DSA 4703-1] mysql-connector-java security update
2020-06-11 17:47:17
[SECURITY] [DLA 2245-1] mysql-connector-java security update
2020-06-11 18:29:24
suse
suse
Security update for mysql-connector-java (moderate)
2021-08-10 00:00:00
Security update for mysql-connector-java (moderate)
2021-08-05 00:00:00
Security update for mariadb (moderate)
2020-06-26 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: mysql-connector-java-8.0.21-1.fc33
2020-09-25 17:06:39
[SECURITY] Fedora 32 Update: mysql-connector-java-8.0.21-1.fc32
2020-09-03 16:40:47
[SECURITY] Fedora 32 Update: mariadb-connector-c-3.1.8-1.fc32
2020-06-16 01:32:44
osv
osv
mysql-connector-java - security update
2020-06-11 00:00:00
mysql-connector-java - security update
2020-06-11 00:00:00
Moderate: mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
almalinux
almalinux
Moderate: mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
Important: mysql:8.0 security update
2020-09-14 12:23:24
oraclelinux
oraclelinux
mariadb-connector-c security, bug fix, and enhancement update
2020-12-18 00:00:00
mariadb security and bug fix update
2020-10-06 00:00:00
mariadb:10.3 security, bug fix, and enhancement update
2020-12-18 00:00:00
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2020-04-15 14:15:00
Design/Logic Flaw
2020-04-15 14:15:00
Design/Logic Flaw
2020-04-15 14:15:00
debiancve
debiancve
amazon
amazon
Medium: mysql-connector-java
2023-04-13 19:28:00
Important: mariadb
2020-10-22 18:28:00
redhatcve
redhatcve
cve
cve
redhat
redhat
veracode
veracode
Information Disclosure
2020-08-20 02:26:03
Denial Of Service (DoS)
2020-09-14 04:14:37
Denial Of Service (DoS)
2020-08-06 21:32:51
rocky
rocky
mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
mariadb:10.3 security and bug fix update
2019-11-05 20:53:43
mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
ibm
ibm
mariadbunix
mariadbunix
CVE-2020-2752
2020-04-15 14:15:25
CVE-2020-2922
2020-04-15 14:15:00
mageia
mageia
Updated mysql-connector-java package fixes security vulnerability
2020-09-21 22:45:58
Updated mariadb packages fix security vulnerability
2020-07-07 14:13:48
alpinelinux
alpinelinux
CVE-2020-2752
2020-04-15 14:15:00
f5
f5
K33522171 : Multiple MySQL vulnerabilities
2022-01-12 00:00:00
slackware
slackware
[slackware-security] mariadb
2020-05-13 00:12:02
photon
photon
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.46-alt1
2020-09-15 00:00:00
Security fix for the ALT Linux 9 package mariadb version 10.4.13-alt1
2020-07-02 00:00:00
gentoo
gentoo
MariaDB: Multiple vulnerabilities
2020-12-07 00:00:00
MySQL: Multiple vulnerabilities
2021-05-26 00:00:00
ubuntu
ubuntu
MariaDB vulnerabilities
2020-10-27 00:00:00
MySQL vulnerabilities
2020-05-04 00:00:00
centos
centos
mariadb security update
2020-04-08 18:46:49
mariadb security update
2020-10-20 18:30:49