Mac OS X Multiple Vulnerabilities (Security Update 2011-004)
2011-06-24T00:00:00
ID MACOSX_SECUPD2011-004.NASL Type nessus Reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. Modified 2019-11-02T00:00:00
Description
The remote host is running a version of Mac OS X 10.5 that does not
have Security Update 2011-004 applied. This update contains security-
related fixes for the following components :
AirPort
App Store
ColorSync
CoreGraphics
ImageIO
Libsystem
libxslt
MySQL
patch
Samba
servermgrd
subversion
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(55415);
script_version("1.14");
script_cvs_date("Date: 2018/07/14 1:59:35");
script_cve_id(
"CVE-2010-2632",
"CVE-2010-3069",
"CVE-2010-3677",
"CVE-2010-3682",
"CVE-2010-3833",
"CVE-2010-3834",
"CVE-2010-3835",
"CVE-2010-3836",
"CVE-2010-3837",
"CVE-2010-3838",
"CVE-2010-4651",
"CVE-2011-0195",
"CVE-2011-0196",
"CVE-2011-0197",
"CVE-2011-0200",
"CVE-2011-0202",
"CVE-2011-0204",
"CVE-2011-0205",
"CVE-2011-0212",
"CVE-2011-0715",
"CVE-2011-0719"
);
script_bugtraq_id(
42599,
42646,
43212,
43676,
43819,
46597,
46734,
46768,
47668,
48415,
48416,
48427,
48437,
48439,
48443,
48445
);
script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2011-004)");
script_summary(english:"Check for the presence of Security Update 2011-004");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes several
security issues.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.5 that does not
have Security Update 2011-004 applied. This update contains security-
related fixes for the following components :
- AirPort
- App Store
- ColorSync
- CoreGraphics
- ImageIO
- Libsystem
- libxslt
- MySQL
- patch
- Samba
- servermgrd
- subversion");
script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4723");
script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html");
script_set_attribute(attribute:"solution", value:"Install Security Update 2011-004 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/24");
script_set_attribute(attribute:"patch_publication_date", value:"2011/06/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MacOSX/packages", "Host/MacOSX/Version");
exit(0);
}
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
os = get_kb_item("Host/MacOSX/Version");
if (!os) exit(0, "The host does not appear to be running Mac OS X.");
if (ereg(pattern:"Mac OS X 10\.5([^0-9]|$)", string:os))
{
packages = get_kb_item("Host/MacOSX/packages/boms");
if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2011\.00[4-9]|201[2-9]\.[0-9]+)(\.leopard)?\.bom", string:packages))
exit(0, "The host has Security Update 2011-004 or later installed and therefore is not affected.");
else
security_hole(0);
}
else exit(0, "The host is running "+os+" and therefore is not affected.");
{"id": "MACOSX_SECUPD2011-004.NASL", "bulletinFamily": "scanner", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-004)", "description": "The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion", "published": "2011-06-24T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/55415", "reporter": "This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.", "references": ["http://support.apple.com/kb/HT4723", "http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html"], "cvelist": ["CVE-2010-4651", "CVE-2011-0197", "CVE-2011-0196", "CVE-2011-0202", "CVE-2011-0204", "CVE-2010-3837", "CVE-2011-0719", "CVE-2010-2632", "CVE-2010-3835", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3836", "CVE-2011-0195", "CVE-2010-3677", "CVE-2011-0715", "CVE-2010-3834", "CVE-2011-0200", "CVE-2010-3838", "CVE-2011-0205", "CVE-2010-3069"], "type": "nessus", "lastseen": "2019-11-01T02:50:06", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:apple:mac_os_x"], "cvelist": ["CVE-2010-4651", "CVE-2011-0197", "CVE-2011-0196", "CVE-2011-0202", "CVE-2011-0204", "CVE-2010-3837", "CVE-2011-0719", "CVE-2010-2632", "CVE-2010-3835", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3836", "CVE-2011-0195", "CVE-2010-3677", "CVE-2011-0715", "CVE-2010-3834", "CVE-2011-0200", "CVE-2010-3838", "CVE-2011-0205", "CVE-2010-3069"], "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "description": "The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-10-28T20:34:39", "references": [{"idList": ["SSV:20665"], "type": "seebug"}, {"idList": ["CVE-2010-4651", "CVE-2011-0197", "CVE-2011-0719", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3834", "CVE-2011-0200"], "type": "cve"}, {"idList": ["USN-1017-1"], "type": "ubuntu"}, {"idList": ["MANDRIVA_MDVSA-2010-223.NASL", "SUSE_11_4_LIBMYSQLCLIENT-DEVEL-110607.NASL", "MYSQL_5_0_92.NASL", "SUSE_11_3_LIBMARIADBCLIENT16-110701.NASL", "MYSQL_5_1_51.NASL", "SUSE_11_3_LIBMYSQLCLIENT-DEVEL-110607.NASL", "MANDRIVA_MDVSA-2010-222.NASL", "DEBIAN_DSA-2143.NASL", "SUSE_11_LIBMYSQLCLIENT-DEVEL-111014.NASL", "MYSQL_5_5_6.NASL"], "type": "nessus"}, {"idList": ["SSA-2011-070-01", "SSA-2012-257-02"], "type": "slackware"}, {"idList": ["DEBIAN:DSA-2143-1:3EA54"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310122299", "OPENVAS:1361412562310870356", "OPENVAS:831237", "OPENVAS:1361412562310801571", "OPENVAS:902466", "OPENVAS:1361412562310100900", "OPENVAS:870356", "OPENVAS:1361412562310831243", "OPENVAS:831243", "OPENVAS:1361412562310831237"], "type": "openvas"}, {"idList": ["RHSA-2011:0164", "RHSA-2011:0328", "RHSA-2011:0327", "RHSA-2010:0825"], "type": "redhat"}, {"idList": ["ELSA-2011-0164", "ELSA-2010-0825"], "type": "oraclelinux"}, {"idList": ["SECURITYVULNS:VULN:11486", "SECURITYVULNS:DOC:25886", "SECURITYVULNS:DOC:25125", "SECURITYVULNS:VULN:11754", "SECURITYVULNS:DOC:26596", "SECURITYVULNS:VULN:11243"], "type": "securityvulns"}, {"idList": ["CESA-2010:0825"], "type": "centos"}]}, "score": {"modified": "2019-10-28T20:34:39", "value": 7.8, "vector": "NONE"}}, "hash": "94aca7353c6c5a6ba7f4e5d6a39624db293fa66e2b8678ee0649aada4f0492e2", "hashmap": [{"hash": "6792bfd2dbc5913b41c6e820f05f2bd5", "key": "description"}, {"hash": "fe3894a24882ff161325d6582a9c6a3f", "key": "title"}, {"hash": "a764f43b8040cdc04804fbd35e0ed321", "key": "href"}, {"hash": "18abd598605023785a6ba4eb58a03fe9", "key": "references"}, {"hash": "985a8d1593356d8381e11a34d7019e2c", "key": "published"}, {"hash": "5a4bd22c495ccbe3aa9b54cab81d2473", "key": "cvss"}, {"hash": "9d53a44a39e44a7e03310c99e8c761a8", "key": "cpe"}, {"hash": "7a739cc3e356b4d8f456f1df1cd515d1", "key": "cvelist"}, {"hash": "05a637ebf20912eba531f0f83c603821", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "33343e1ae53d3b18311f8f7cae2b7529", "key": "reporter"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}, {"hash": "da517d83d858f6be1760d625ab2c6b35", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/55415", "id": "MACOSX_SECUPD2011-004.NASL", "lastseen": "2019-10-28T20:34:39", "modified": "2019-10-02T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "55415", "published": "2011-06-24T00:00:00", "references": ["http://support.apple.com/kb/HT4723", "http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html"], "reporter": "This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55415);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-2632\",\n \"CVE-2010-3069\",\n \"CVE-2010-3677\",\n \"CVE-2010-3682\",\n \"CVE-2010-3833\",\n \"CVE-2010-3834\",\n \"CVE-2010-3835\",\n \"CVE-2010-3836\",\n \"CVE-2010-3837\",\n \"CVE-2010-3838\",\n \"CVE-2010-4651\",\n \"CVE-2011-0195\",\n \"CVE-2011-0196\",\n \"CVE-2011-0197\",\n \"CVE-2011-0200\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0205\",\n \"CVE-2011-0212\",\n \"CVE-2011-0715\",\n \"CVE-2011-0719\"\n );\n script_bugtraq_id(\n 42599,\n 42646,\n 43212,\n 43676,\n 43819,\n 46597,\n 46734,\n 46768,\n 47668,\n 48415,\n 48416,\n 48427,\n 48437,\n 48439,\n 48443,\n 48445\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-004)\");\n script_summary(english:\"Check for the presence of Security Update 2011-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4723\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\"); \n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/packages\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.5([^0-9]|$)\", string:os))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[4-9]|201[2-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2011-004 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-004)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 8, "lastseen": "2019-10-28T20:34:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:apple:mac_os_x"], "cvelist": ["CVE-2010-4651", "CVE-2011-0197", "CVE-2011-0196", "CVE-2011-0202", "CVE-2011-0204", "CVE-2010-3837", "CVE-2011-0719", "CVE-2010-2632", "CVE-2010-3835", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3836", "CVE-2011-0195", "CVE-2010-3677", "CVE-2011-0715", "CVE-2010-3834", "CVE-2011-0200", "CVE-2010-3838", "CVE-2011-0205", "CVE-2010-3069"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-004 applied. This update contains security- related fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-02-21T01:15:06", "references": [{"idList": ["CESA-2011:0327", "CESA-2010:0825"], "type": "centos"}, {"idList": ["SSV:20665"], "type": "seebug"}, {"idList": ["SECURITYVULNS:DOC:25125", "SECURITYVULNS:VULN:11754", "SECURITYVULNS:DOC:26596", "SECURITYVULNS:VULN:11243"], "type": "securityvulns"}, {"idList": ["USN-1017-1"], "type": "ubuntu"}, {"idList": ["CVE-2010-4651", "CVE-2010-3835", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3836", "CVE-2010-3677", "CVE-2010-3834", "CVE-2011-0200", "CVE-2010-3838"], "type": "cve"}, {"idList": ["MACOSX_10_6_8.NASL", "MANDRIVA_MDVSA-2010-223.NASL", "SUSE_11_4_LIBMYSQLCLIENT-DEVEL-110607.NASL", "MYSQL_5_0_92.NASL", "SUSE_11_3_LIBMARIADBCLIENT16-110701.NASL", "MYSQL_5_1_51.NASL", "SUSE_11_3_LIBMYSQLCLIENT-DEVEL-110607.NASL", "MANDRIVA_MDVSA-2010-222.NASL", "DEBIAN_DSA-2143.NASL", "SUSE_11_LIBMYSQLCLIENT-DEVEL-111014.NASL"], "type": "nessus"}, {"idList": ["ELSA-2011-0164", "ELSA-2010-0825"], "type": "oraclelinux"}, {"idList": ["SSA-2012-257-02"], "type": "slackware"}, {"idList": ["OPENVAS:1361412562310902466", "OPENVAS:1361412562310122299", "OPENVAS:1361412562310870356", "OPENVAS:831237", "OPENVAS:1361412562310801571", "OPENVAS:1361412562310100900", "OPENVAS:870356", "OPENVAS:1361412562310831243", "OPENVAS:831243", "OPENVAS:1361412562310831237"], "type": "openvas"}, {"idList": ["DEBIAN:BSA-026:33E76", "DEBIAN:DSA-2181-1:9B681", "DEBIAN:DSA-2143-1:3EA54"], "type": "debian"}, {"idList": ["RHSA-2011:0164", "RHSA-2010:0825"], "type": "redhat"}]}, "score": {"modified": "2019-02-21T01:15:06", "value": 7.8, "vector": "NONE"}}, "hash": "e4aabec197ecf3e095ca0e8056033569a1aa62b2e767f05f3de79c2592e9ac66", "hashmap": [{"hash": "fe3894a24882ff161325d6582a9c6a3f", "key": "title"}, {"hash": "91b802f77404aefb19249ff1728658e0", "key": "href"}, {"hash": "271c4e6565afb3850ecb8addb94873fb", "key": "description"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "18abd598605023785a6ba4eb58a03fe9", "key": "references"}, {"hash": "985a8d1593356d8381e11a34d7019e2c", "key": "published"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "9d53a44a39e44a7e03310c99e8c761a8", "key": "cpe"}, {"hash": "7a739cc3e356b4d8f456f1df1cd515d1", "key": "cvelist"}, {"hash": "05a637ebf20912eba531f0f83c603821", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}, {"hash": "da517d83d858f6be1760d625ab2c6b35", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55415", "id": "MACOSX_SECUPD2011-004.NASL", "lastseen": "2019-02-21T01:15:06", "modified": "2018-07-14T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "55415", "published": "2011-06-24T00:00:00", "references": ["http://support.apple.com/kb/HT4723", "http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55415);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-2632\",\n \"CVE-2010-3069\",\n \"CVE-2010-3677\",\n \"CVE-2010-3682\",\n \"CVE-2010-3833\",\n \"CVE-2010-3834\",\n \"CVE-2010-3835\",\n \"CVE-2010-3836\",\n \"CVE-2010-3837\",\n \"CVE-2010-3838\",\n \"CVE-2010-4651\",\n \"CVE-2011-0195\",\n \"CVE-2011-0196\",\n \"CVE-2011-0197\",\n \"CVE-2011-0200\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0205\",\n \"CVE-2011-0212\",\n \"CVE-2011-0715\",\n \"CVE-2011-0719\"\n );\n script_bugtraq_id(\n 42599,\n 42646,\n 43212,\n 43676,\n 43819,\n 46597,\n 46734,\n 46768,\n 47668,\n 48415,\n 48416,\n 48427,\n 48437,\n 48439,\n 48443,\n 48445\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-004)\");\n script_summary(english:\"Check for the presence of Security Update 2011-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4723\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\"); \n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/packages\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.5([^0-9]|$)\", string:os))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[4-9]|201[2-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2011-004 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-004)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 7, "lastseen": "2019-02-21T01:15:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-4651", "CVE-2011-0197", "CVE-2011-0196", "CVE-2011-0202", "CVE-2011-0204", "CVE-2010-3837", "CVE-2011-0719", "CVE-2010-2632", "CVE-2010-3835", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3836", "CVE-2011-0195", "CVE-2010-3677", "CVE-2011-0715", "CVE-2010-3834", "CVE-2011-0200", "CVE-2010-3838", "CVE-2011-0205", "CVE-2010-3069"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-004 applied. This update contains security- related fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion", "edition": 1, "enchantments": {}, "hash": "d1ca2b1f079890476156d85753d1bca9332c4906f54da228c06da5b6aa92209d", "hashmap": [{"hash": "fe3894a24882ff161325d6582a9c6a3f", "key": "title"}, {"hash": "91b802f77404aefb19249ff1728658e0", "key": "href"}, {"hash": "271c4e6565afb3850ecb8addb94873fb", "key": "description"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "18abd598605023785a6ba4eb58a03fe9", "key": "references"}, {"hash": "985a8d1593356d8381e11a34d7019e2c", "key": "published"}, {"hash": "eda6b6cbd16377d59756673c52e7be00", "key": "modified"}, {"hash": "240f68d55c29577c4db877e63bd14f13", "key": "sourceData"}, {"hash": "7a739cc3e356b4d8f456f1df1cd515d1", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}, {"hash": "da517d83d858f6be1760d625ab2c6b35", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55415", "id": "MACOSX_SECUPD2011-004.NASL", "lastseen": "2016-09-26T17:24:56", "modified": "2016-05-17T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.2", "pluginID": "55415", "published": "2011-06-24T00:00:00", "references": ["http://support.apple.com/kb/HT4723", "http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55415);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/05/17 16:53:09 $\");\n\n script_cve_id(\n \"CVE-2010-2632\",\n \"CVE-2010-3069\",\n \"CVE-2010-3677\",\n \"CVE-2010-3682\",\n \"CVE-2010-3833\",\n \"CVE-2010-3834\",\n \"CVE-2010-3835\",\n \"CVE-2010-3836\",\n \"CVE-2010-3837\",\n \"CVE-2010-3838\",\n \"CVE-2010-4651\",\n \"CVE-2011-0195\",\n \"CVE-2011-0196\",\n \"CVE-2011-0197\",\n \"CVE-2011-0200\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0205\",\n \"CVE-2011-0212\",\n \"CVE-2011-0715\",\n \"CVE-2011-0719\"\n );\n script_bugtraq_id(\n 42599,\n 42646,\n 43212,\n 43676,\n 43819,\n 46597,\n 46734,\n 46768,\n 47668,\n 48415,\n 48416,\n 48427,\n 48437,\n 48439,\n 48443,\n 48445\n );\n script_osvdb_id(\n 67378,\n 67383,\n 67994,\n 68527,\n 69387,\n 69390,\n 69392,\n 69393,\n 69394,\n 69395,\n 70964,\n 71023,\n 71268,\n 72490,\n 73356,\n 73357,\n 73360,\n 73364,\n 73366,\n 73368,\n 73369\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-004)\");\n script_summary(english:\"Check for the presence of Security Update 2011-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4723\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\"); \n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/packages\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.5([^0-9]|$)\", string:os))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[4-9]|201[2-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2011-004 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-004)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:apple:mac_os_x"], "cvelist": ["CVE-2010-4651", "CVE-2011-0197", "CVE-2011-0196", "CVE-2011-0202", "CVE-2011-0204", "CVE-2010-3837", "CVE-2011-0719", "CVE-2010-2632", "CVE-2010-3835", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3836", "CVE-2011-0195", "CVE-2010-3677", "CVE-2011-0715", "CVE-2010-3834", "CVE-2011-0200", "CVE-2010-3838", "CVE-2011-0205", "CVE-2010-3069"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-004 applied. This update contains security- related fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a6f1c83a53bfb920b3d545259e31d10630d20b0cd8c7caa1c33f8d9630ea98a0", "hashmap": [{"hash": "fe3894a24882ff161325d6582a9c6a3f", "key": "title"}, {"hash": "91b802f77404aefb19249ff1728658e0", "key": "href"}, {"hash": "271c4e6565afb3850ecb8addb94873fb", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "18abd598605023785a6ba4eb58a03fe9", "key": "references"}, {"hash": "985a8d1593356d8381e11a34d7019e2c", "key": "published"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "9d53a44a39e44a7e03310c99e8c761a8", "key": "cpe"}, {"hash": "7a739cc3e356b4d8f456f1df1cd515d1", "key": "cvelist"}, {"hash": "05a637ebf20912eba531f0f83c603821", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}, {"hash": "da517d83d858f6be1760d625ab2c6b35", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55415", "id": "MACOSX_SECUPD2011-004.NASL", "lastseen": "2018-08-30T19:44:04", "modified": "2018-07-14T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "55415", "published": "2011-06-24T00:00:00", "references": ["http://support.apple.com/kb/HT4723", "http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55415);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-2632\",\n \"CVE-2010-3069\",\n \"CVE-2010-3677\",\n \"CVE-2010-3682\",\n \"CVE-2010-3833\",\n \"CVE-2010-3834\",\n \"CVE-2010-3835\",\n \"CVE-2010-3836\",\n \"CVE-2010-3837\",\n \"CVE-2010-3838\",\n \"CVE-2010-4651\",\n \"CVE-2011-0195\",\n \"CVE-2011-0196\",\n \"CVE-2011-0197\",\n \"CVE-2011-0200\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0205\",\n \"CVE-2011-0212\",\n \"CVE-2011-0715\",\n \"CVE-2011-0719\"\n );\n script_bugtraq_id(\n 42599,\n 42646,\n 43212,\n 43676,\n 43819,\n 46597,\n 46734,\n 46768,\n 47668,\n 48415,\n 48416,\n 48427,\n 48437,\n 48439,\n 48443,\n 48445\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-004)\");\n script_summary(english:\"Check for the presence of Security Update 2011-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4723\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\"); \n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/packages\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.5([^0-9]|$)\", string:os))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[4-9]|201[2-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2011-004 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-004)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:44:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:apple:mac_os_x"], "cvelist": ["CVE-2010-4651", "CVE-2011-0197", "CVE-2011-0196", "CVE-2011-0202", "CVE-2011-0204", "CVE-2010-3837", "CVE-2011-0719", "CVE-2010-2632", "CVE-2010-3835", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3836", "CVE-2011-0195", "CVE-2010-3677", "CVE-2011-0715", "CVE-2010-3834", "CVE-2011-0200", "CVE-2010-3838", "CVE-2011-0205", "CVE-2010-3069"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:12:17", "references": [{"idList": ["SSV:20665"], "type": "seebug"}, {"idList": ["SECURITYVULNS:DOC:25125", "SECURITYVULNS:VULN:11754", "SECURITYVULNS:DOC:26596", "SECURITYVULNS:VULN:11243"], "type": "securityvulns"}, {"idList": ["USN-1017-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-2143-1:3EA54"], "type": "debian"}, {"idList": ["EDB-ID:34506"], "type": "exploitdb"}, {"idList": ["MANDRIVA_MDVSA-2010-223.NASL", "SUSE_11_4_LIBMARIADBCLIENT16-110701.NASL", "MYSQL_5_0_92.NASL", "SUSE_11_3_LIBMARIADBCLIENT16-110701.NASL", "MYSQL_5_1_51.NASL", "MANDRIVA_MDVSA-2010-222.NASL", "DEBIAN_DSA-2143.NASL", "SUSE_11_LIBMYSQLCLIENT-DEVEL-111014.NASL", "SUSE_11_LIBMYSQLCLIENT-DEVEL-111013.NASL", "MYSQL_5_5_6.NASL"], "type": "nessus"}, {"idList": ["ELSA-2011-0164", "ELSA-2010-0825"], "type": "oraclelinux"}, {"idList": ["SSA-2012-257-02"], "type": "slackware"}, {"idList": ["OPENVAS:1361412562310902466", "OPENVAS:1361412562310122299", "OPENVAS:1361412562310870356", "OPENVAS:831237", "OPENVAS:1361412562310801571", "OPENVAS:1361412562310100900", "OPENVAS:870356", "OPENVAS:1361412562310831243", "OPENVAS:831243", "OPENVAS:1361412562310831237"], "type": "openvas"}, {"idList": ["CESA-2010:0825"], "type": "centos"}, {"idList": ["CVE-2010-4651", "CVE-2011-0202", "CVE-2010-3837", "CVE-2011-0719", "CVE-2010-3833", "CVE-2011-0212", "CVE-2010-3682", "CVE-2010-3677", "CVE-2011-0715", "CVE-2010-3838"], "type": "cve"}, {"idList": ["RHSA-2011:0164", "RHSA-2010:0825"], "type": "redhat"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "239aa3751cac45f29f0121fdcdc2401c7e6dea576add6544e0f1a03949945504", "hashmap": [{"hash": "6792bfd2dbc5913b41c6e820f05f2bd5", "key": "description"}, {"hash": "fe3894a24882ff161325d6582a9c6a3f", "key": "title"}, {"hash": "91b802f77404aefb19249ff1728658e0", "key": "href"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "18abd598605023785a6ba4eb58a03fe9", "key": "references"}, {"hash": "985a8d1593356d8381e11a34d7019e2c", "key": "published"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "9d53a44a39e44a7e03310c99e8c761a8", "key": "cpe"}, {"hash": "7a739cc3e356b4d8f456f1df1cd515d1", "key": "cvelist"}, {"hash": "05a637ebf20912eba531f0f83c603821", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}, {"hash": "da517d83d858f6be1760d625ab2c6b35", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=55415", "id": "MACOSX_SECUPD2011-004.NASL", "lastseen": "2019-01-16T20:12:17", "modified": "2018-07-14T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "55415", "published": "2011-06-24T00:00:00", "references": ["http://support.apple.com/kb/HT4723", "http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55415);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-2632\",\n \"CVE-2010-3069\",\n \"CVE-2010-3677\",\n \"CVE-2010-3682\",\n \"CVE-2010-3833\",\n \"CVE-2010-3834\",\n \"CVE-2010-3835\",\n \"CVE-2010-3836\",\n \"CVE-2010-3837\",\n \"CVE-2010-3838\",\n \"CVE-2010-4651\",\n \"CVE-2011-0195\",\n \"CVE-2011-0196\",\n \"CVE-2011-0197\",\n \"CVE-2011-0200\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0205\",\n \"CVE-2011-0212\",\n \"CVE-2011-0715\",\n \"CVE-2011-0719\"\n );\n script_bugtraq_id(\n 42599,\n 42646,\n 43212,\n 43676,\n 43819,\n 46597,\n 46734,\n 46768,\n 47668,\n 48415,\n 48416,\n 48427,\n 48437,\n 48439,\n 48443,\n 48445\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-004)\");\n script_summary(english:\"Check for the presence of Security Update 2011-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4723\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\"); \n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/packages\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.5([^0-9]|$)\", string:os))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[4-9]|201[2-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2011-004 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-004)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:12:17"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "9d53a44a39e44a7e03310c99e8c761a8"}, {"key": "cvelist", "hash": "7a739cc3e356b4d8f456f1df1cd515d1"}, {"key": "cvss", "hash": "5a4bd22c495ccbe3aa9b54cab81d2473"}, {"key": "description", "hash": "6792bfd2dbc5913b41c6e820f05f2bd5"}, {"key": "href", "hash": "a764f43b8040cdc04804fbd35e0ed321"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "9415f91090c2218ae67dd519ff399983"}, {"key": "pluginID", "hash": "da517d83d858f6be1760d625ab2c6b35"}, {"key": "published", "hash": "985a8d1593356d8381e11a34d7019e2c"}, {"key": "references", "hash": "18abd598605023785a6ba4eb58a03fe9"}, {"key": "reporter", "hash": "33343e1ae53d3b18311f8f7cae2b7529"}, {"key": "sourceData", "hash": "05a637ebf20912eba531f0f83c603821"}, {"key": "title", "hash": "fe3894a24882ff161325d6582a9c6a3f"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "57803c58e266503a7833be891bde0eafb538e491087100dbf36d7cca8444fd5a", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310801571", "OPENVAS:1361412562310831243", "OPENVAS:831243", "OPENVAS:831237", "OPENVAS:1361412562310100900", "OPENVAS:1361412562310831237", "OPENVAS:870356", "OPENVAS:1361412562310122299", "OPENVAS:1361412562310870356", "OPENVAS:902466"]}, {"type": "nessus", "idList": ["MYSQL_5_0_92.NASL", "DEBIAN_DSA-2143.NASL", "MANDRIVA_MDVSA-2010-222.NASL", "SUSE_11_3_LIBMYSQLCLIENT-DEVEL-110607.NASL", "SUSE_11_3_LIBMARIADBCLIENT16-110701.NASL", "MANDRIVA_MDVSA-2010-223.NASL", "SUSE_11_LIBMYSQLCLIENT-DEVEL-111014.NASL", "MYSQL_5_5_6.NASL", "SUSE_11_4_LIBMARIADBCLIENT16-110701.NASL", "SUSE_11_3_LIBMYSQLCLUSTERCLIENT16-110706.NASL"]}, {"type": "cve", "idList": ["CVE-2010-4651", "CVE-2010-3682", "CVE-2010-3834", "CVE-2011-0719", "CVE-2010-3833", "CVE-2010-3677", "CVE-2011-0212", "CVE-2010-3836", "CVE-2010-3838", "CVE-2010-3835"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2143-1:3EA54"]}, {"type": "centos", "idList": ["CESA-2010:0825"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0825", "ELSA-2011-0164", "ELSA-2011-0305", "ELSA-2011-0306"]}, {"type": "redhat", "idList": ["RHSA-2010:0825", "RHSA-2011:0164", "RHSA-2011:0306"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26596", "SECURITYVULNS:VULN:11754", "SECURITYVULNS:VULN:11243", "SECURITYVULNS:DOC:25125"]}, {"type": "ubuntu", "idList": ["USN-1017-1"]}, {"type": "seebug", "idList": ["SSV:20665"]}, {"type": "slackware", "idList": ["SSA-2012-257-02"]}, {"type": "gentoo", "idList": ["GLSA-201201-02"]}, {"type": "samba", "idList": ["SAMBA:CVE-2011-0719"]}, {"type": "freebsd", "idList": ["BFDBC7EC-9C3F-11E0-9BEC-6C626DD55A41"]}], "modified": "2019-11-01T02:50:06"}, "score": {"value": 7.6, "vector": "NONE", "modified": "2019-11-01T02:50:06"}, "vulnersScore": 7.6}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55415);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-2632\",\n \"CVE-2010-3069\",\n \"CVE-2010-3677\",\n \"CVE-2010-3682\",\n \"CVE-2010-3833\",\n \"CVE-2010-3834\",\n \"CVE-2010-3835\",\n \"CVE-2010-3836\",\n \"CVE-2010-3837\",\n \"CVE-2010-3838\",\n \"CVE-2010-4651\",\n \"CVE-2011-0195\",\n \"CVE-2011-0196\",\n \"CVE-2011-0197\",\n \"CVE-2011-0200\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0205\",\n \"CVE-2011-0212\",\n \"CVE-2011-0715\",\n \"CVE-2011-0719\"\n );\n script_bugtraq_id(\n 42599,\n 42646,\n 43212,\n 43676,\n 43819,\n 46597,\n 46734,\n 46768,\n 47668,\n 48415,\n 48416,\n 48427,\n 48437,\n 48439,\n 48443,\n 48445\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-004)\");\n script_summary(english:\"Check for the presence of Security Update 2011-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2011-004 applied. This update contains security-\nrelated fixes for the following components :\n\n - AirPort\n - App Store\n - ColorSync\n - CoreGraphics\n - ImageIO\n - Libsystem\n - libxslt\n - MySQL\n - patch\n - Samba\n - servermgrd\n - subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4723\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/24\"); \n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/packages\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.5([^0-9]|$)\", string:os))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[4-9]|201[2-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2011-004 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "naslFamily": "MacOS X Local Security Checks", "pluginID": "55415", "cpe": ["cpe:/o:apple:mac_os_x"], "scheme": null}
{"openvas": [{"lastseen": "2019-05-29T18:39:30", "bulletinFamily": "scanner", "description": "The host is running MySQL and is prone to multiple denial of\n service vulnerabilities.", "modified": "2019-05-13T00:00:00", "published": "2011-01-21T00:00:00", "id": "OPENVAS:1361412562310801571", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801571", "title": "MySQL Multiple Denial of Service Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MySQL Multiple Denial of Service Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mysql:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801571\");\n script_version(\"2019-05-13T14:05:09+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 14:05:09 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-01-21 14:38:54 +0100 (Fri, 21 Jan 2011)\");\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3836\",\n \"CVE-2010-3837\", \"CVE-2010-3838\");\n script_bugtraq_id(43676);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"MySQL Multiple Denial of Service Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42875\");\n script_xref(name:\"URL\", value:\"http://bugs.mysql.com/bug.php?id=54568\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to cause a denial of service\n and to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to:\n\n - An error in propagating the type errors, which allows remote attackers\n to cause a denial of service via crafted arguments to extreme-value functions\n such as 'LEAST' or 'GREATEST'.\n\n - An unspecified error in vectors related to materializing a derived table\n that required a temporary table for grouping and user variable\n assignments.\n\n - An error in handling prepared statements that uses GROUP_CONCAT with the\n WITH ROLLUP modifier.\n\n - An error in handling a query that uses the GREATEST or LEAST function\n with a mixed list of numeric and LONGBLOB arguments.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to MySQL version 5.0.92, or 5.1.51 or 5.5.6.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"The host is running MySQL and is prone to multiple denial of\n service vulnerabilities.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE))\n exit(0);\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort))\n exit(0);\n\nmysqlVer = eregmatch(pattern:\"([0-9.a-z]+)\", string:mysqlVer);\nif(!isnull(mysqlVer[1]))\n{\n if(version_in_range(version:mysqlVer[1], test_version:\"5.0\",test_version2:\"5.0.91\") ||\n version_in_range(version:mysqlVer[1], test_version:\"5.1\",test_version2:\"5.1.50\") ||\n version_in_range(version:mysqlVer[1], test_version:\"5.5\",test_version2:\"5.5.5\")){\n security_message(sqlPort);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-06T13:04:50", "bulletinFamily": "scanner", "description": "Check for the Version of mysql", "modified": "2018-01-04T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831243", "id": "OPENVAS:1361412562310831243", "title": "Mandriva Update for mysql MDVSA-2010:222 (mysql)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2010:222 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in mysql:\n\n * Joins involving a table with with a unique SET column could cause\n a server crash (CVE-2010-3677).\n \n * Use of TEMPORARY InnoDB tables with nullable columns could cause\n a server crash (CVE-2010-3680).\n \n * The server could crash if there were alternate reads from two\n indexes on a table using the HANDLER interface (CVE-2010-3681).\n \n * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY\n (SELECT ... WHERE ...) could cause a server crash (CVE-2010-3682).\n \n * During evaluation of arguments to extreme-value functions (such\n as LEAST() and GREATEST()), type errors did not propagate properly,\n causing the server to crash (CVE-2010-3833).\n \n * The server could crash after materializing a derived table that\n required a temporary table for grouping (CVE-2010-3834).\n \n * A user-variable assignment expression that is evaluated in a logical\n expression context can be precalculated in a temporary table for GROUP\n BY. However, when the expression value is used after creation of the\n temporary table, it was re-evaluated, not read from the table and a\n server crash resulted (CVE-2010-3835).\n \n * Pre-evaluation of LIKE predicates during view preparation could\n cause a server crash (CVE-2010-3836).\n \n * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash\n (CVE-2010-3837).\n \n * Queries could cause a server crash if the GREATEST() or LEAST()\n function had a mixed list of numeric and LONGBLOB arguments, and\n the result of such a function was processed using an intermediate\n temporary table (CVE-2010-3838).\n \n * Queries with nested joins could cause an infinite loop in the\n server when used from stored procedures and prepared statements\n (CVE-2010-3839).\n \n * The PolyFromWKB() function could crash the server when improper\n WKB data was passed to the function (CVE-2010-3840).\n \n Additionally the default behaviour of using the mysqlmanager instead\n of the mysqld_safe script has been reverted in the SysV init script\n because of instability issues with the mysqlmanager.\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been upgraded to mysql 5.0.91 and patched\n to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"mysql on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00008.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831243\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:222\");\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_name(\"Mandriva Update for mysql MDVSA-2010:222 (mysql)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-15T11:57:47", "bulletinFamily": "scanner", "description": "Check for the Version of mysql", "modified": "2017-12-15T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831243", "id": "OPENVAS:831243", "title": "Mandriva Update for mysql MDVSA-2010:222 (mysql)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2010:222 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in mysql:\n\n * Joins involving a table with with a unique SET column could cause\n a server crash (CVE-2010-3677).\n \n * Use of TEMPORARY InnoDB tables with nullable columns could cause\n a server crash (CVE-2010-3680).\n \n * The server could crash if there were alternate reads from two\n indexes on a table using the HANDLER interface (CVE-2010-3681).\n \n * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY\n (SELECT ... WHERE ...) could cause a server crash (CVE-2010-3682).\n \n * During evaluation of arguments to extreme-value functions (such\n as LEAST() and GREATEST()), type errors did not propagate properly,\n causing the server to crash (CVE-2010-3833).\n \n * The server could crash after materializing a derived table that\n required a temporary table for grouping (CVE-2010-3834).\n \n * A user-variable assignment expression that is evaluated in a logical\n expression context can be precalculated in a temporary table for GROUP\n BY. However, when the expression value is used after creation of the\n temporary table, it was re-evaluated, not read from the table and a\n server crash resulted (CVE-2010-3835).\n \n * Pre-evaluation of LIKE predicates during view preparation could\n cause a server crash (CVE-2010-3836).\n \n * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash\n (CVE-2010-3837).\n \n * Queries could cause a server crash if the GREATEST() or LEAST()\n function had a mixed list of numeric and LONGBLOB arguments, and\n the result of such a function was processed using an intermediate\n temporary table (CVE-2010-3838).\n \n * Queries with nested joins could cause an infinite loop in the\n server when used from stored procedures and prepared statements\n (CVE-2010-3839).\n \n * The PolyFromWKB() function could crash the server when improper\n WKB data was passed to the function (CVE-2010-3840).\n \n Additionally the default behaviour of using the mysqlmanager instead\n of the mysqld_safe script has been reverted in the SysV init script\n because of instability issues with the mysqlmanager.\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been upgraded to mysql 5.0.91 and patched\n to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"mysql on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00008.php\");\n script_id(831243);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:222\");\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_name(\"Mandriva Update for mysql MDVSA-2010:222 (mysql)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.91~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql15\", rpm:\"libmysql15~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql15\", rpm:\"lib64mysql15~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.0.91~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-25T10:55:28", "bulletinFamily": "scanner", "description": "Check for the Version of mysql", "modified": "2018-01-24T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831237", "id": "OPENVAS:1361412562310831237", "type": "openvas", "title": "Mandriva Update for mysql MDVSA-2010:223 (mysql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2010:223 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in mysql:\n\n * During evaluation of arguments to extreme-value functions (such\n as LEAST() and GREATEST()), type errors did not propagate properly,\n causing the server to crash (CVE-2010-3833).\n \n * The server could crash after materializing a derived table that\n required a temporary table for grouping (CVE-2010-3834).\n \n * A user-variable assignment expression that is evaluated in a logical\n expression context can be precalculated in a temporary table for GROUP\n BY. However, when the expression value is used after creation of the\n temporary table, it was re-evaluated, not read from the table and a\n server crash resulted (CVE-2010-3835).\n \n * Pre-evaluation of LIKE predicates during view preparation could\n cause a server crash (CVE-2010-3836).\n \n * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash\n (CVE-2010-3837).\n \n * Queries could cause a server crash if the GREATEST() or LEAST()\n function had a mixed list of numeric and LONGBLOB arguments, and\n the result of such a function was processed using an intermediate\n temporary table (CVE-2010-3838).\n \n * Queries with nested joins could cause an infinite loop in the\n server when used from stored procedures and prepared statements\n (CVE-2010-3839).\n \n * The PolyFromWKB() function could crash the server when improper\n WKB data was passed to the function (CVE-2010-3840).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"mysql on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00009.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831237\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:223\");\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_name(\"Mandriva Update for mysql MDVSA-2010:223 (mysql)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common-core\", rpm:\"mysql-common-core~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-core\", rpm:\"mysql-core~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_pbxt\", rpm:\"mysql-plugin_pbxt~1.0.10~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_pinba\", rpm:\"mysql-plugin_pinba~0.0.5~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_revision\", rpm:\"mysql-plugin_revision~0.1~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_sphinx\", rpm:\"mysql-plugin_sphinx~0.9.9~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_spider\", rpm:\"mysql-plugin_spider~2.13~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common-core\", rpm:\"mysql-common-core~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-core\", rpm:\"mysql-core~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:48", "bulletinFamily": "scanner", "description": "Check for the Version of mysql", "modified": "2017-12-25T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831237", "id": "OPENVAS:831237", "title": "Mandriva Update for mysql MDVSA-2010:223 (mysql)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mysql MDVSA-2010:223 (mysql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in mysql:\n\n * During evaluation of arguments to extreme-value functions (such\n as LEAST() and GREATEST()), type errors did not propagate properly,\n causing the server to crash (CVE-2010-3833).\n \n * The server could crash after materializing a derived table that\n required a temporary table for grouping (CVE-2010-3834).\n \n * A user-variable assignment expression that is evaluated in a logical\n expression context can be precalculated in a temporary table for GROUP\n BY. However, when the expression value is used after creation of the\n temporary table, it was re-evaluated, not read from the table and a\n server crash resulted (CVE-2010-3835).\n \n * Pre-evaluation of LIKE predicates during view preparation could\n cause a server crash (CVE-2010-3836).\n \n * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash\n (CVE-2010-3837).\n \n * Queries could cause a server crash if the GREATEST() or LEAST()\n function had a mixed list of numeric and LONGBLOB arguments, and\n the result of such a function was processed using an intermediate\n temporary table (CVE-2010-3838).\n \n * Queries with nested joins could cause an infinite loop in the\n server when used from stored procedures and prepared statements\n (CVE-2010-3839).\n \n * The PolyFromWKB() function could crash the server when improper\n WKB data was passed to the function (CVE-2010-3840).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"mysql on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00009.php\");\n script_id(831237);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:223\");\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_name(\"Mandriva Update for mysql MDVSA-2010:223 (mysql)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common-core\", rpm:\"mysql-common-core~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-core\", rpm:\"mysql-core~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_pbxt\", rpm:\"mysql-plugin_pbxt~1.0.10~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_pinba\", rpm:\"mysql-plugin_pinba~0.0.5~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_revision\", rpm:\"mysql-plugin_revision~0.1~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_sphinx\", rpm:\"mysql-plugin_sphinx~0.9.9~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-plugin_spider\", rpm:\"mysql-plugin_spider~2.13~13.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.46~4.2mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common-core\", rpm:\"mysql-common-core~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-core\", rpm:\"mysql-core~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.42~0.7mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysql16\", rpm:\"libmysql16~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-devel\", rpm:\"libmysql-devel~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysql-static-devel\", rpm:\"libmysql-static-devel~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-client\", rpm:\"mysql-client~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-common\", rpm:\"mysql-common~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-doc\", rpm:\"mysql-doc~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-max\", rpm:\"mysql-max~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-extra\", rpm:\"mysql-ndb-extra~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-management\", rpm:\"mysql-ndb-management~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-storage\", rpm:\"mysql-ndb-storage~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-ndb-tools\", rpm:\"mysql-ndb-tools~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql16\", rpm:\"lib64mysql16~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-devel\", rpm:\"lib64mysql-devel~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64mysql-static-devel\", rpm:\"lib64mysql-static-devel~5.1.42~0.7mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-07-17T14:31:37", "bulletinFamily": "scanner", "description": "MySQL is prone to multiple denial-of-service vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2010-11-10T00:00:00", "id": "OPENVAS:1361412562310100900", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100900", "title": "Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mysql:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100900\");\n script_version(\"2019-07-05T09:54:18+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:54:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-11-10 13:18:12 +0100 (Wed, 10 Nov 2010)\");\n script_bugtraq_id(43676);\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\",\n \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/43676\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"mysql_version.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\");\n\n script_tag(name:\"summary\", value:\"MySQL is prone to multiple denial-of-service vulnerabilities.\");\n script_tag(name:\"impact\", value:\"An attacker can exploit these issues to crash the database, denying\naccess to legitimate users.\");\n script_tag(name:\"affected\", value:\"These issues affect versions prior to MySQL 5.1.51.\");\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE))exit(0);\nif(!ver = get_app_version(cpe:CPE, port:port))exit(0);\n\nif(version_in_range(version:ver, test_version:\"5\", test_version2:\"5.1.50\")) {\n security_message(port:port);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-12-20T13:17:46", "bulletinFamily": "scanner", "description": "Check for the Version of mysql", "modified": "2017-12-19T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870356", "id": "OPENVAS:870356", "title": "RedHat Update for mysql RHSA-2010:0825-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mysql RHSA-2010:0825-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. It consists of\n the MySQL server daemon (mysqld) and many client programs and libraries.\n\n It was found that the MySQL PolyFromWKB() function did not sanity check\n Well-Known Binary (WKB) data. A remote, authenticated attacker could use\n specially-crafted WKB data to crash mysqld. This issue only caused a\n temporary denial of service, as mysqld was automatically restarted after\n the crash. (CVE-2010-3840)\n \n A flaw was found in the way MySQL processed certain JOIN queries. If a\n stored procedure contained JOIN queries, and that procedure was executed\n twice in sequence, it could cause an infinite loop, leading to excessive\n CPU use (up to 100%). A remote, authenticated attacker could use this flaw\n to cause a denial of service. (CVE-2010-3839)\n \n A flaw was found in the way MySQL processed queries that provide a mixture\n of numeric and longblob data types to the LEAST or GREATEST function. A\n remote, authenticated attacker could use this flaw to crash mysqld. This\n issue only caused a temporary denial of service, as mysqld was\n automatically restarted after the crash. (CVE-2010-3838)\n \n A flaw was found in the way MySQL processed PREPARE statements containing\n both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated\n attacker could use this flaw to crash mysqld. This issue only caused a\n temporary denial of service, as mysqld was automatically restarted after\n the crash. (CVE-2010-3837)\n \n It was found that MySQL did not properly pre-evaluate LIKE arguments in\n view prepare mode. A remote, authenticated attacker could possibly use this\n flaw to crash mysqld. (CVE-2010-3836)\n \n A flaw was found in the way MySQL processed statements that assign a value\n to a user-defined variable and that also contain a logical value\n evaluation. A remote, authenticated attacker could use this flaw to crash\n mysqld. This issue only caused a temporary denial of service, as mysqld was\n automatically restarted after the crash. (CVE-2010-3835)\n \n A flaw was found in the way MySQL evaluated the arguments of extreme-value\n functions, such as LEAST and GREATEST. A remote, authenticated attacker\n could use this flaw to crash mysqld. This issue only caused a temporary\n denial of service, as mysqld was automatically restarted after the crash.\n (CVE-2010-3833)\n \n A flaw was found in the way MySQL processed EXPLAIN statements for some\n complex SELECT queries. A remote, authenticated attacker could use this\n flaw to crash mysqld. This issue only caused a temporary denial of servic ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"mysql on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-November/msg00003.html\");\n script_id(870356);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0825-01\");\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3833\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_name(\"RedHat Update for mysql RHSA-2010:0825-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-debuginfo\", rpm:\"mysql-debuginfo~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-server\", rpm:\"mysql-server~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-test\", rpm:\"mysql-test~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0825", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122299", "title": "Oracle Linux Local Check: ELSA-2010-0825", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0825.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122299\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0825\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0825 - mysql security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0825\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0825.html\");\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3833\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3839\", \"CVE-2010-3840\", \"CVE-2010-3838\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.77~4.el5_5.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.77~4.el5_5.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~5.0.77~4.el5_5.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql-server\", rpm:\"mysql-server~5.0.77~4.el5_5.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mysql-test\", rpm:\"mysql-test~5.0.77~4.el5_5.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-11T11:04:12", "bulletinFamily": "scanner", "description": "Check for the Version of mysql", "modified": "2018-01-10T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870356", "id": "OPENVAS:1361412562310870356", "title": "RedHat Update for mysql RHSA-2010:0825-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mysql RHSA-2010:0825-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. It consists of\n the MySQL server daemon (mysqld) and many client programs and libraries.\n\n It was found that the MySQL PolyFromWKB() function did not sanity check\n Well-Known Binary (WKB) data. A remote, authenticated attacker could use\n specially-crafted WKB data to crash mysqld. This issue only caused a\n temporary denial of service, as mysqld was automatically restarted after\n the crash. (CVE-2010-3840)\n \n A flaw was found in the way MySQL processed certain JOIN queries. If a\n stored procedure contained JOIN queries, and that procedure was executed\n twice in sequence, it could cause an infinite loop, leading to excessive\n CPU use (up to 100%). A remote, authenticated attacker could use this flaw\n to cause a denial of service. (CVE-2010-3839)\n \n A flaw was found in the way MySQL processed queries that provide a mixture\n of numeric and longblob data types to the LEAST or GREATEST function. A\n remote, authenticated attacker could use this flaw to crash mysqld. This\n issue only caused a temporary denial of service, as mysqld was\n automatically restarted after the crash. (CVE-2010-3838)\n \n A flaw was found in the way MySQL processed PREPARE statements containing\n both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated\n attacker could use this flaw to crash mysqld. This issue only caused a\n temporary denial of service, as mysqld was automatically restarted after\n the crash. (CVE-2010-3837)\n \n It was found that MySQL did not properly pre-evaluate LIKE arguments in\n view prepare mode. A remote, authenticated attacker could possibly use this\n flaw to crash mysqld. (CVE-2010-3836)\n \n A flaw was found in the way MySQL processed statements that assign a value\n to a user-defined variable and that also contain a logical value\n evaluation. A remote, authenticated attacker could use this flaw to crash\n mysqld. This issue only caused a temporary denial of service, as mysqld was\n automatically restarted after the crash. (CVE-2010-3835)\n \n A flaw was found in the way MySQL evaluated the arguments of extreme-value\n functions, such as LEAST and GREATEST. A remote, authenticated attacker\n could use this flaw to crash mysqld. This issue only caused a temporary\n denial of service, as mysqld was automatically restarted after the crash.\n (CVE-2010-3833)\n \n A flaw was found in the way MySQL processed EXPLAIN statements for some\n complex SELECT queries. A remote, authenticated attacker could use this\n flaw to crash mysqld. This issue only caused a temporary denial of servic ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"mysql on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-November/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870356\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0825-01\");\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3833\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_name(\"RedHat Update for mysql RHSA-2010:0825-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-debuginfo\", rpm:\"mysql-debuginfo~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-server\", rpm:\"mysql-server~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-test\", rpm:\"mysql-test~5.0.77~4.el5_5.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:19:38", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Mac OS X 10.5.8 Update/Mac OS X Security Update 2011-004.", "modified": "2017-08-28T00:00:00", "published": "2011-08-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902466", "id": "OPENVAS:902466", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_macosx_su11-004.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"ATS,\n MySQL,\n patch,\n Samba,\n Kernel,\n libxslt,\n OpenSSL,\n AirPort,\n ImageIO,\n OpenSSL,\n MobileMe,\n App Store,\n ColorSync,\n QuickLook,\n QuickTime,\n Libsystem,\n FTP Server,\n servermgrd,\n subversion,\n CoreGraphics,\n CoreFoundation,\n Certificate Trust Policy and\n International Components for Unicode.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2011-004\n For updates refer to http://support.apple.com/kb/HT1338\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.5.8 Update/Mac OS X Security Update 2011-004.\";\n\nif(description)\n{\n script_id(902466);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-19 15:17:22 +0200 (Fri, 19 Aug 2011)\");\n script_cve_id(\"CVE-2011-0196\", \"CVE-2011-0197\", \"CVE-2011-0198\", \"CVE-2011-0199\",\n \"CVE-2011-0200\", \"CVE-2011-0201\", \"CVE-2011-0202\", \"CVE-2011-0203\",\n \"CVE-2011-0204\", \"CVE-2011-0205\", \"CVE-2011-0206\", \"CVE-2011-1132\",\n \"CVE-2010-2632\", \"CVE-2011-0195\", \"CVE-2011-0207\", \"CVE-2010-3677\",\n \"CVE-2010-3682\", \"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\",\n \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2009-3245\",\n \"CVE-2010-0740\", \"CVE-2010-3864\", \"CVE-2010-4180\", \"CVE-2011-0014\",\n \"CVE-2010-4651\", \"CVE-2011-0208\", \"CVE-2011-0209\", \"CVE-2011-0210\",\n \"CVE-2011-0211\", \"CVE-2010-3790\", \"CVE-2011-0213\", \"CVE-2010-3069\",\n \"CVE-2011-0719\", \"CVE-2011-0212\", \"CVE-2011-0715\");\n script_bugtraq_id(48437, 48443, 48436, 48447, 48416, 48426, 48427, 48418, 48437,\n 48439, 48429, 48422, 43819, 47668, 48444, 42646, 42599, 43676,\n 38562, 39013, 44884, 45164, 46264, 46768, 48440, 48419, 48442,\n 48420, 44794, 48430, 43212, 46597, 46734);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1222\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1338\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName || \"Mac OS X Server\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_less_equal(version:osVer, test_version:\"10.5.8\") ||\n version_in_range(version:osVer, test_version:\"10.6\", test_version2:\"10.6.7\"))\n {\n ## Check for the security update 2011.004\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.004\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-01T02:57:22", "bulletinFamily": "scanner", "description": "The version of MySQL installed on the remote host is older than\n5.0.92. As such, it reportedly is prone to multiple denial of service\nattacks :\n\n - The improper handling of type errors during argument \n evaluation in extreme-value functions, e.g., ", "modified": "2019-11-02T00:00:00", "id": "MYSQL_5_0_92.NASL", "href": "https://www.tenable.com/plugins/nessus/17834", "published": "2012-01-18T00:00:00", "title": "MySQL < 5.0.92 Multiple Denial of Service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17834);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2010-3833\",\n \"CVE-2010-3834\",\n \"CVE-2010-3836\",\n \"CVE-2010-3837\",\n \"CVE-2010-3838\"\n );\n script_bugtraq_id(43676);\n\n script_name(english:\"MySQL < 5.0.92 Multiple Denial of Service\");\n script_summary(english:\"Checks version of MySQL server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is vulnerable to multiple denial of\nservice attacks.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is older than\n5.0.92. As such, it reportedly is prone to multiple denial of service\nattacks :\n\n - The improper handling of type errors during argument \n evaluation in extreme-value functions, e.g., 'LEAST()'\n or 'GREATEST()' causes server crashes. (CVE-2010-3833)\n\n - Remote authenticated attackers could crash the server.\n (CVE-2010-3834 & CVE-2010-3836)\n\n - The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused\n server crashes. (CVE-2010-3837)\n\n - The use of an intermediate temporary table and queries\n containing calls to 'GREATEST()' or 'LEAST()', having \n a list of both numeric and 'LONGBLOB' arguments, caused\n server crashes. (CVE-2010-3838)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=55826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=54476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=54461\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640751\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL version 5.0.92 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.0.92', severity:SECURITY_WARNING, min:'5.0');\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:55:08", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered and corrected in mysql :\n\n - Joins involving a table with with a unique SET column\n could cause a server crash (CVE-2010-3677).\n\n - Use of TEMPORARY InnoDB tables with nullable columns\n could cause a server crash (CVE-2010-3680).\n\n - The server could crash if there were alternate reads\n from two indexes on a table using the HANDLER interface\n (CVE-2010-3681).\n\n - Using EXPLAIN with queries of the form SELECT ... UNION\n ... ORDER BY (SELECT ... WHERE ...) could cause a server\n crash (CVE-2010-3682).\n\n - During evaluation of arguments to extreme-value\n functions (such as LEAST() and GREATEST()), type errors\n did not propagate properly, causing the server to crash\n (CVE-2010-3833).\n\n - The server could crash after materializing a derived\n table that required a temporary table for grouping\n (CVE-2010-3834).\n\n - A user-variable assignment expression that is evaluated\n in a logical expression context can be precalculated in\n a temporary table for GROUP BY. However, when the\n expression value is used after creation of the temporary\n table, it was re-evaluated, not read from the table and\n a server crash resulted (CVE-2010-3835).\n\n - Pre-evaluation of LIKE predicates during view\n preparation could cause a server crash (CVE-2010-3836).\n\n - GROUP_CONCAT() and WITH ROLLUP together could cause a\n server crash (CVE-2010-3837).\n\n - Queries could cause a server crash if the GREATEST() or\n LEAST() function had a mixed list of numeric and\n LONGBLOB arguments, and the result of such a function\n was processed using an intermediate temporary table\n (CVE-2010-3838).\n\n - Queries with nested joins could cause an infinite loop\n in the server when used from stored procedures and\n prepared statements (CVE-2010-3839).\n\n - The PolyFromWKB() function could crash the server when\n improper WKB data was passed to the function\n (CVE-2010-3840).\n\nAdditionally the default behaviour of using the mysqlmanager instead\nof the mysqld_safe script has been reverted in the SysV init script\nbecause of instability issues with the mysqlmanager.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been upgraded to mysql 5.0.91 and patched to\ncorrect these issues.", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2010-222.NASL", "href": "https://www.tenable.com/plugins/nessus/50533", "published": "2010-11-10T00:00:00", "title": "Mandriva Linux Security Advisory : mysql (MDVSA-2010:222)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:222. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50533);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:53\");\n\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_bugtraq_id(42598, 42599, 42633, 42646, 43676);\n script_xref(name:\"MDVSA\", value:\"2010:222\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mysql (MDVSA-2010:222)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and corrected in mysql :\n\n - Joins involving a table with with a unique SET column\n could cause a server crash (CVE-2010-3677).\n\n - Use of TEMPORARY InnoDB tables with nullable columns\n could cause a server crash (CVE-2010-3680).\n\n - The server could crash if there were alternate reads\n from two indexes on a table using the HANDLER interface\n (CVE-2010-3681).\n\n - Using EXPLAIN with queries of the form SELECT ... UNION\n ... ORDER BY (SELECT ... WHERE ...) could cause a server\n crash (CVE-2010-3682).\n\n - During evaluation of arguments to extreme-value\n functions (such as LEAST() and GREATEST()), type errors\n did not propagate properly, causing the server to crash\n (CVE-2010-3833).\n\n - The server could crash after materializing a derived\n table that required a temporary table for grouping\n (CVE-2010-3834).\n\n - A user-variable assignment expression that is evaluated\n in a logical expression context can be precalculated in\n a temporary table for GROUP BY. However, when the\n expression value is used after creation of the temporary\n table, it was re-evaluated, not read from the table and\n a server crash resulted (CVE-2010-3835).\n\n - Pre-evaluation of LIKE predicates during view\n preparation could cause a server crash (CVE-2010-3836).\n\n - GROUP_CONCAT() and WITH ROLLUP together could cause a\n server crash (CVE-2010-3837).\n\n - Queries could cause a server crash if the GREATEST() or\n LEAST() function had a mixed list of numeric and\n LONGBLOB arguments, and the result of such a function\n was processed using an intermediate temporary table\n (CVE-2010-3838).\n\n - Queries with nested joins could cause an infinite loop\n in the server when used from stored procedures and\n prepared statements (CVE-2010-3839).\n\n - The PolyFromWKB() function could crash the server when\n improper WKB data was passed to the function\n (CVE-2010-3840).\n\nAdditionally the default behaviour of using the mysqlmanager instead\nof the mysqld_safe script has been reverted in the SysV init script\nbecause of instability issues with the mysqlmanager.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been upgraded to mysql 5.0.91 and patched to\ncorrect these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=51875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=52711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=53544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=55564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=55568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=55826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64mysql15-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libmysql-devel-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libmysql-static-devel-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libmysql15-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-bench-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-client-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-common-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-doc-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-max-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-ndb-extra-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-ndb-management-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-ndb-storage-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mysql-ndb-tools-5.0.91-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:21:07", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the MySQL database\nserver. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2010-3677\n It was discovered that MySQL allows remote authenticated\n users to cause a denial of service (mysqld daemon crash)\n via a join query that uses a table with a unique SET\n column.\n\n - CVE-2010-3680\n It was discovered that MySQL allows remote authenticated\n users to cause a denial of service (mysqld daemon crash)\n by creating temporary tables while using InnoDB, which\n triggers an assertion failure.\n\n - CVE-2010-3681\n It was discovered that MySQL allows remote authenticated\n users to cause a denial of service (mysqld daemon crash)\n by using the HANDLER interface and performing ", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2143.NASL", "href": "https://www.tenable.com/plugins/nessus/51530", "published": "2011-01-17T00:00:00", "title": "Debian DSA-2143-1 : mysql-dfsg-5.0 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2143. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51530);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/07/15 14:20:29\");\n\n script_cve_id(\"CVE-2010-3677\", \"CVE-2010-3680\", \"CVE-2010-3681\", \"CVE-2010-3682\", \"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3840\");\n script_bugtraq_id(42598, 42599, 42633, 42646, 43676);\n script_xref(name:\"DSA\", value:\"2143\");\n\n script_name(english:\"Debian DSA-2143-1 : mysql-dfsg-5.0 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the MySQL database\nserver. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2010-3677\n It was discovered that MySQL allows remote authenticated\n users to cause a denial of service (mysqld daemon crash)\n via a join query that uses a table with a unique SET\n column.\n\n - CVE-2010-3680\n It was discovered that MySQL allows remote authenticated\n users to cause a denial of service (mysqld daemon crash)\n by creating temporary tables while using InnoDB, which\n triggers an assertion failure.\n\n - CVE-2010-3681\n It was discovered that MySQL allows remote authenticated\n users to cause a denial of service (mysqld daemon crash)\n by using the HANDLER interface and performing 'alternate\n reads from two indexes on a table,' which triggers an\n assertion failure.\n\n - CVE-2010-3682\n It was discovered that MySQL incorrectly handled use of\n EXPLAIN with certain queries. An authenticated user\n could crash the server.\n\n - CVE-2010-3833\n It was discovered that MySQL incorrectly handled\n propagation during evaluation of arguments to\n extreme-value functions. An authenticated user could\n crash the server.\n\n - CVE-2010-3834\n It was discovered that MySQL incorrectly handled\n materializing a derived table that required a temporary\n table for grouping. An authenticated user could crash\n the server.\n\n - CVE-2010-3835\n It was discovered that MySQL incorrectly handled certain\n user-variable assignment expressions that are evaluated\n in a logical expression context. An authenticated user\n could crash the server.\n\n - CVE-2010-3836\n It was discovered that MySQL incorrectly handled\n pre-evaluation of LIKE predicates during view\n preparation. An authenticated user could crash the\n server.\n\n - CVE-2010-3837\n It was discovered that MySQL incorrectly handled using\n GROUP_CONCAT() and WITH ROLLUP together. An\n authenticated user could crash the server.\n\n - CVE-2010-3838\n It was discovered that MySQL incorrectly handled certain\n queries using a mixed list of numeric and LONGBLOB\n arguments to the GREATEST() or LEAST() functions. An\n authenticated user could crash the server.\n\n - CVE-2010-3840\n It was discovered that MySQL incorrectly handled\n improper WKB data passed to the PolyFromWKB() function.\n An authenticated user could crash the server.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2143\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-dfsg-5.0 packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 5.0.51a-24+lenny5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"mysql-dfsg-5.0\", reference:\"5.0.51a-24+lenny5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:18:02", "bulletinFamily": "scanner", "description": "This MySQL version update to 5.0.94 update fixes the following\nsecurity issues :\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information\n (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_LIBMYSQLCLIENT-DEVEL-111014.NASL", "href": "https://www.tenable.com/plugins/nessus/57115", "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : MySQL (SAT Patch Number 5285)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57115);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n\n script_name(english:\"SuSE 11.1 Security Update : MySQL (SAT Patch Number 5285)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This MySQL version update to 5.0.94 update fixes the following\nsecurity issues :\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information\n (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=644864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=694232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3833.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3834.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3835.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3836.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3837.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3840.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5285.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libmysqlclient_r15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libmysqlclient15-5.0.94-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libmysqlclient_r15-5.0.94-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mysql-5.0.94-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mysql-client-5.0.94-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"libmysqlclient15-5.0.94-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"libmysqlclient_r15-5.0.94-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"mysql-5.0.94-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"mysql-Max-5.0.94-0.2.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"mysql-client-5.0.94-0.2.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:55:08", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered and corrected in mysql :\n\n - During evaluation of arguments to extreme-value\n functions (such as LEAST() and GREATEST()), type errors\n did not propagate properly, causing the server to crash\n (CVE-2010-3833).\n\n - The server could crash after materializing a derived\n table that required a temporary table for grouping\n (CVE-2010-3834).\n\n - A user-variable assignment expression that is evaluated\n in a logical expression context can be precalculated in\n a temporary table for GROUP BY. However, when the\n expression value is used after creation of the temporary\n table, it was re-evaluated, not read from the table and\n a server crash resulted (CVE-2010-3835).\n\n - Pre-evaluation of LIKE predicates during view\n preparation could cause a server crash (CVE-2010-3836).\n\n - GROUP_CONCAT() and WITH ROLLUP together could cause a\n server crash (CVE-2010-3837).\n\n - Queries could cause a server crash if the GREATEST() or\n LEAST() function had a mixed list of numeric and\n LONGBLOB arguments, and the result of such a function\n was processed using an intermediate temporary table\n (CVE-2010-3838).\n\n - Queries with nested joins could cause an infinite loop\n in the server when used from stored procedures and\n prepared statements (CVE-2010-3839).\n\n - The PolyFromWKB() function could crash the server when\n improper WKB data was passed to the function\n (CVE-2010-3840).\n\nThe updated packages have been patched to correct these issues.", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2010-223.NASL", "href": "https://www.tenable.com/plugins/nessus/50534", "published": "2010-11-10T00:00:00", "title": "Mandriva Linux Security Advisory : mysql (MDVSA-2010:223)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:223. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50534);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:53\");\n\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n script_bugtraq_id(43676);\n script_xref(name:\"MDVSA\", value:\"2010:223\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mysql (MDVSA-2010:223)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and corrected in mysql :\n\n - During evaluation of arguments to extreme-value\n functions (such as LEAST() and GREATEST()), type errors\n did not propagate properly, causing the server to crash\n (CVE-2010-3833).\n\n - The server could crash after materializing a derived\n table that required a temporary table for grouping\n (CVE-2010-3834).\n\n - A user-variable assignment expression that is evaluated\n in a logical expression context can be precalculated in\n a temporary table for GROUP BY. However, when the\n expression value is used after creation of the temporary\n table, it was re-evaluated, not read from the table and\n a server crash resulted (CVE-2010-3835).\n\n - Pre-evaluation of LIKE predicates during view\n preparation could cause a server crash (CVE-2010-3836).\n\n - GROUP_CONCAT() and WITH ROLLUP together could cause a\n server crash (CVE-2010-3837).\n\n - Queries could cause a server crash if the GREATEST() or\n LEAST() function had a mixed list of numeric and\n LONGBLOB arguments, and the result of such a function\n was processed using an intermediate temporary table\n (CVE-2010-3838).\n\n - Queries with nested joins could cause an infinite loop\n in the server when used from stored procedures and\n prepared statements (CVE-2010-3839).\n\n - The PolyFromWKB() function could crash the server when\n improper WKB data was passed to the function\n (CVE-2010-3840).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=51875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=53544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=54568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=55564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=55568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=55826\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-common-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-ndb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-plugin_pbxt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-plugin_pinba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-plugin_revision\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-plugin_sphinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mysql-plugin_spider\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64mysql16-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libmysql-devel-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libmysql-static-devel-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libmysql16-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-bench-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-client-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-common-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-doc-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-max-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-ndb-extra-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-ndb-management-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-ndb-storage-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mysql-ndb-tools-5.1.42-0.7mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64mysql16-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libmysql-devel-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libmysql-static-devel-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libmysql16-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-bench-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-client-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-common-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-common-core-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-core-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-doc-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-max-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-ndb-extra-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-ndb-management-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-ndb-storage-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mysql-ndb-tools-5.1.42-0.7mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64mysql-devel-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64mysql-static-devel-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64mysql16-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libmysql-devel-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libmysql-static-devel-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libmysql16-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-bench-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-client-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-common-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-common-core-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-core-5.1.46-4.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-plugin_pbxt-1.0.10-13.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-plugin_pinba-0.0.5-13.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-plugin_revision-0.1-13.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-plugin_sphinx-0.9.9-13.2mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mysql-plugin_spider-2.13-13.2mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:17:39", "bulletinFamily": "scanner", "description": "MariaDB was updated to version 5.1.55 to fix numerous bugs and\nsecurity issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_3_LIBMARIADBCLIENT16-110701.NASL", "href": "https://www.tenable.com/plugins/nessus/75582", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libmariadbclient16 (openSUSE-SU-2011:0743-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmariadbclient16-4830.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75582);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n\n script_name(english:\"openSUSE Security Update : libmariadbclient16 (openSUSE-SU-2011:0743-1)\");\n script_summary(english:\"Check for the libmariadbclient16-4830 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MariaDB was updated to version 5.1.55 to fix numerous bugs and\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=676973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-07/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmariadbclient16 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadbclient16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmariadbclient_r16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmariadbclient16-5.1.55-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmariadbclient_r16-5.1.55-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mariadb-5.1.55-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mariadb-bench-5.1.55-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mariadb-client-5.1.55-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mariadb-debug-5.1.55-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mariadb-test-5.1.55-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mariadb-tools-5.1.55-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmariadbclient16 / libmariadbclient_r16 / mariadb / mariadb-bench / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:17:39", "bulletinFamily": "scanner", "description": "This mysql update fixes the following security issues\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information\n (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_3_LIBMYSQLCLIENT-DEVEL-110607.NASL", "href": "https://www.tenable.com/plugins/nessus/75589", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2011:1250-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmysqlclient-devel-4676.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75589);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n\n script_name(english:\"openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2011:1250-1)\");\n script_summary(english:\"Check for the libmysqlclient-devel-4676 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mysql update fixes the following security issues\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information\n (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=644864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmysqlclient-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmysqlclient-devel-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmysqlclient16-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmysqlclient_r16-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmysqld-devel-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmysqld0-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-community-server-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-community-server-bench-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-community-server-client-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-community-server-debug-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-community-server-test-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-community-server-tools-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libmysqlclient16-32bit-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libmysqlclient_r16-32bit-5.1.57-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:57:22", "bulletinFamily": "scanner", "description": "The version of MySQL Community Server installed on the remote host is\nearlier than 5.1.51 and is, therefore, potentially affected by\nmultiple vulnerabilities:\n\n - A privilege escalation vulnerability exists when using\n statement-based replication. Version specific comments\n used on a master server with a lesser release version\n than its slave can allow the MySQL privilege system on\n the slave server to be subverted. (49124)\n\n - An authenticated user can crash the MySQL server by\n passing improper WKB to the ", "modified": "2019-11-02T00:00:00", "id": "MYSQL_5_1_51.NASL", "href": "https://www.tenable.com/plugins/nessus/49711", "published": "2010-10-05T00:00:00", "title": "MySQL Community Server < 5.1.51 Multiple Vulnerabilities", "type": "nessus", "sourceData": "\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49711);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2009-5026\",\n \"CVE-2010-3833\",\n \"CVE-2010-3834\",\n \"CVE-2010-3835\",\n \"CVE-2010-3836\",\n \"CVE-2010-3837\",\n \"CVE-2010-3838\",\n \"CVE-2010-3839\",\n \"CVE-2010-3840\"\n );\n script_bugtraq_id(43676, 43677);\n script_xref(name:\"Secunia\", value:\"41716\");\n\n script_name(english:\"MySQL Community Server < 5.1.51 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of MySQL 5.1 Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL Community Server installed on the remote host is\nearlier than 5.1.51 and is, therefore, potentially affected by\nmultiple vulnerabilities:\n\n - A privilege escalation vulnerability exists when using\n statement-based replication. Version specific comments\n used on a master server with a lesser release version\n than its slave can allow the MySQL privilege system on\n the slave server to be subverted. (49124)\n\n - An authenticated user can crash the MySQL server by\n passing improper WKB to the 'PolyFromWKB()' function.\n (51875)\n\n - The improper handling of type errors during argument\n evaluation in extreme-value functions, e.g., 'LEAST()'\n or 'GREATEST()' caused server crashes. (55826)\n\n - The creation of derived tables needing a temporary\n grouping table caused server crashes. (55568)\n\n - The re-evaluation of a user-variable assignment\n expression after the creation of a temporary table\n caused server crashes. (55564)\n\n - The 'convert_tz()' function can be used to crash the\n server by setting the timezone argument to an empty\n SET column value. (55424)\n\n - The pre-evaluation of 'LIKE' predicates while preparing\n a view caused server crashes. (54568)\n\n - The use of 'GROUP_CONCAT()' and 'WITH ROLLUP' caused\n server crashes. (54476)\n\n - The use of an intermediate temporary table and queries\n containing calls to 'GREATEST()' or 'LEAST()', having\n a list of both numeric and 'LONGBLOB' arguments, caused\n server crashes. (54461)\n\n - The use of nested joins in prepared statements or\n stored procedures could result in infinite loops.\n (53544)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=49124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=51875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=55826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=55568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=55564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=54568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=54476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=54461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.mysql.com/bug.php?id=53544\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL Community Server 5.1.51 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/05\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\nvuln = FALSE;\n\nif (mysql_init(port:port, exit_on_fail:TRUE) == 1)\n{\n variant = mysql_get_variant();\n version = mysql_get_version();\n ver_fields = split(version, sep:'.', keep:FALSE);\n major = int(ver_fields[0]);\n minor = int(ver_fields[1]);\n rev = int(ver_fields[2]);\n\n if (\n !isnull(variant) && \"Community\" >< variant &&\n strlen(version) &&\n major == 5 && minor == 1 && rev < 51\n ) vuln = TRUE;\n\n}\nelse exit(1, \"Can't establish a MySQL connection on port \"+port+\".\");\nmysql_close();\n\nif (vuln)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : 5.1.51\\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse\n{\n if (isnull(variant)) exit(1, \"Can't determine the variant of MySQL listening on port \"+port+\".\");\n else if (\"Community\" >< variant) exit(0, \"MySQL version \"+version+\" is listening on port \"+port+\" and is not affected.\");\n else exit(0, \"MySQL \"+variant+\" is listening on port \"+port+\" and is not affected.\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:17:43", "bulletinFamily": "scanner", "description": "This mysql update fixes the following security issues\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information\n (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_4_LIBMYSQLCLIENT-DEVEL-110607.NASL", "href": "https://www.tenable.com/plugins/nessus/75904", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2011:1250-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmysqlclient-devel-4676.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75904);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n\n script_name(english:\"openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2011:1250-1)\");\n script_summary(english:\"Check for the libmysqlclient-devel-4676 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mysql update fixes the following security issues\n\n - CVE-2010-3833: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3834: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Insufficient Information\n (CWE-noinfo)\n\n - CVE-2010-3835: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Numeric Errors (CWE-189)\n\n - CVE-2010-3836: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3837: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\n\n - CVE-2010-3838: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2010-3839: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2010-3840: CVSS v2 Base Score: 4.0 (moderate)\n (AV:N/AC:L/Au:S/C:N/I:N/A:P): Other (CWE-Other)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=644864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmysqlclient-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient16-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r16-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libmysqlclient-devel-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libmysqlclient16-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libmysqlclient16-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libmysqlclient_r16-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libmysqlclient_r16-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libmysqld-devel-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libmysqld0-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libmysqld0-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-bench-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-bench-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-client-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-client-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-debug-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-debug-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-debugsource-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-test-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-test-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-tools-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mysql-community-server-tools-debuginfo-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libmysqlclient16-32bit-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libmysqlclient16-debuginfo-32bit-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libmysqlclient_r16-32bit-5.1.57-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libmysqlclient_r16-debuginfo-32bit-5.1.57-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:17:39", "bulletinFamily": "scanner", "description": "This update fixes the following security issue :\n\n - 676974: mysql-cluster: security issues fixed in MySQL\n 5.1.51\n\nThis update also fixes the following non-security issue :\n\n - 635645: mysql init script fails to start when SELinux is\n enabled", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_3_LIBMYSQLCLUSTERCLIENT16-110706.NASL", "href": "https://www.tenable.com/plugins/nessus/75590", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libmysqlclusterclient16 (openSUSE-SU-2011:0774-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libmysqlclusterclient16-4844.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75590);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2010-3833\", \"CVE-2010-3834\", \"CVE-2010-3835\", \"CVE-2010-3836\", \"CVE-2010-3837\", \"CVE-2010-3838\", \"CVE-2010-3839\", \"CVE-2010-3840\");\n\n script_name(english:\"openSUSE Security Update : libmysqlclusterclient16 (openSUSE-SU-2011:0774-1)\");\n script_summary(english:\"Check for the libmysqlclusterclient16-4844 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issue :\n\n - 676974: mysql-cluster: security issues fixed in MySQL\n 5.1.51\n\nThis update also fixes the following non-security issue :\n\n - 635645: mysql init script fails to start when SELinux is\n enabled\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=635645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=676974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-07/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libmysqlclusterclient16 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclusterclient16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclusterclient_r16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-ndb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-ndb-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-ndb-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-ndb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-cluster-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmysqlclusterclient16-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libmysqlclusterclient_r16-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-bench-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-client-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-debug-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-ndb-extra-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-ndb-management-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-ndb-storage-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-ndb-tools-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-test-7.0.25-0.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mysql-cluster-tools-7.0.25-0.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclusterclient16 / libmysqlclusterclient_r16 / mysql-cluster / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2019-05-29T18:10:33", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.", "modified": "2016-11-28T19:07:00", "id": "CVE-2010-4651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4651", "published": "2011-03-11T22:55:00", "title": "CVE-2010-4651", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:30", "bulletinFamily": "NVD", "description": "Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted \"SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)\" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.\nPer: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n'CWE-476: NULL Pointer Dereference'", "modified": "2018-01-05T02:29:00", "id": "CVE-2010-3682", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3682", "published": "2011-01-11T20:00:00", "title": "CVE-2010-3682", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:10:31", "bulletinFamily": "NVD", "description": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a \"CREATE TABLE ... SELECT.\"", "modified": "2018-01-05T02:29:00", "id": "CVE-2010-3833", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3833", "published": "2011-01-14T19:01:00", "title": "CVE-2010-3833", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:10:31", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to \"materializing a derived table that required a temporary table for grouping\" and \"user variable assignments.\"", "modified": "2018-01-05T02:29:00", "id": "CVE-2010-3834", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3834", "published": "2011-01-14T19:02:00", "title": "CVE-2010-3834", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:10:30", "bulletinFamily": "NVD", "description": "Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.", "modified": "2018-01-05T02:29:00", "id": "CVE-2010-3677", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3677", "published": "2011-01-11T20:00:00", "title": "CVE-2010-3677", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:11:06", "bulletinFamily": "NVD", "description": "Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.", "modified": "2018-10-30T16:25:00", "id": "CVE-2011-0719", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0719", "published": "2011-03-01T23:00:00", "title": "CVE-2011-0719", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:10:31", "bulletinFamily": "NVD", "description": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.", "modified": "2018-01-05T02:29:00", "id": "CVE-2010-3836", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3836", "published": "2011-01-14T19:02:00", "title": "CVE-2010-3836", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.", "modified": "2011-10-27T03:21:00", "id": "CVE-2011-0212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0212", "published": "2011-06-24T20:55:00", "title": "CVE-2011-0212", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:11:05", "bulletinFamily": "NVD", "description": "Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.", "modified": "2012-02-04T03:56:00", "id": "CVE-2011-0200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0200", "published": "2011-06-24T20:55:00", "title": "CVE-2011-0200", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:31", "bulletinFamily": "NVD", "description": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is \"processed using an intermediate temporary table.\"", "modified": "2018-01-05T02:29:00", "id": "CVE-2010-3838", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3838", "published": "2011-01-14T19:02:00", "title": "CVE-2010-3838", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:06", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2143-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nJanuary 14, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-dfsg-5.0\nVulnerability : several vulnerabilities\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3840\n\n\nSeveral vulnerabilities have been discovered in the MySQL\ndatabase server.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\nCVE-2010-3677\n\n It was discovered that MySQL allows remote authenticated users to cause\n a denial of service (mysqld daemon crash) via a join query that uses a\n table with a unique SET column.\n\n\nCVE-2010-3680\n\n It was discovered that MySQL allows remote authenticated users to cause\n a denial of service (mysqld daemon crash) by creating temporary tables\n while using InnoDB, which triggers an assertion failure.\n\n\nCVE-2010-3681\n\n It was discovered that MySQL allows remote authenticated users to cause\n a denial of service (mysqld daemon crash) by using the HANDLER interface\n and performing "alternate reads from two indexes on a table," which\n triggers an assertion failure.\n\n\nCVE-2010-3682\n\n It was discovered that MySQL incorrectly handled use of EXPLAIN with\n certain queries.\n An authenticated user could crash the server.\n\n\nCVE-2010-3833\n\n It was discovered that MySQL incorrectly handled propagation during\n evaluation of arguments to extreme-value functions.\n An authenticated user could crash the server.\n\n\nCVE-2010-3834\n\n It was discovered that MySQL incorrectly handled materializing a derived\n table that required a temporary table for grouping.\n An authenticated user could crash the server.\n\n\nCVE-2010-3835\n\n It was discovered that MySQL incorrectly handled certain user-variable\n assignment expressions that are evaluated in a logical expression context.\n An authenticated user could crash the server.\n\n\nCVE-2010-3836\n\n It was discovered that MySQL incorrectly handled pre-evaluation of LIKE\n predicates during view preparation.\n An authenticated user could crash the server.\n\n\nCVE-2010-3837\n\n It was discovered that MySQL incorrectly handled using GROUP_CONCAT()\n and WITH ROLLUP together.\n An authenticated user could crash the server.\n\n\nCVE-2010-3838\n\n It was discovered that MySQL incorrectly handled certain queries using a\n mixed list of numeric and LONGBLOB arguments to the GREATEST() or\n LEAST() functions.\n An authenticated user could crash the server.\n\n\nCVE-2010-3840\n\n It was discovered that MySQL incorrectly handled improper WKB data\n passed to the PolyFromWKB() function.\n An authenticated user could crash the server.\n\n\nFor the stable distribution (lenny), these problems have been fixed\nin version 5.0.51a-24+lenny5\n\nThe testing (squeeze) and unstable (sid) distribution do not contain\nmysql-dfsg-5.0 anymore.\n\nWe recommend that you upgrade your mysql-dfsg-5.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "modified": "2011-01-14T09:07:35", "published": "2011-01-14T09:07:35", "id": "DEBIAN:DSA-2143-1:3EA54", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00007.html", "title": "[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:44", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2182-1 security@debian.org\nhttp://www.debian.org/security/ \nMarch 04, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : logwatch\nVulnerability : shell command injection\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0715\nDebian Bug : 615995\n\nDominik George discovered that logwatch does not guard against shell\nmeta-characters in crafted log file names (such as those produced by\nSamba). As a result, an attacker might be able to execute shell\ncommands on the system running logwatch.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.3.6.cvs20080702-2lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.3.6.cvs20090906-1squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 7.3.6.cvs20090906-2.\n\nWe recommend that you upgrade your logwatch packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-03-04T21:02:23", "published": "2011-03-04T21:02:23", "id": "DEBIAN:DSA-2182-1:AF57A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00049.html", "title": "[SECURITY] [DSA 2182-1] logwatch security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0825\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nIt was found that the MySQL PolyFromWKB() function did not sanity check\nWell-Known Binary (WKB) data. A remote, authenticated attacker could use\nspecially-crafted WKB data to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3840)\n\nA flaw was found in the way MySQL processed certain JOIN queries. If a\nstored procedure contained JOIN queries, and that procedure was executed\ntwice in sequence, it could cause an infinite loop, leading to excessive\nCPU use (up to 100%). A remote, authenticated attacker could use this flaw\nto cause a denial of service. (CVE-2010-3839)\n\nA flaw was found in the way MySQL processed queries that provide a mixture\nof numeric and longblob data types to the LEAST or GREATEST function. A\nremote, authenticated attacker could use this flaw to crash mysqld. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3838)\n\nA flaw was found in the way MySQL processed PREPARE statements containing\nboth GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated\nattacker could use this flaw to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3837)\n\nIt was found that MySQL did not properly pre-evaluate LIKE arguments in\nview prepare mode. A remote, authenticated attacker could possibly use this\nflaw to crash mysqld. (CVE-2010-3836)\n\nA flaw was found in the way MySQL processed statements that assign a value\nto a user-defined variable and that also contain a logical value\nevaluation. A remote, authenticated attacker could use this flaw to crash\nmysqld. This issue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3835)\n\nA flaw was found in the way MySQL evaluated the arguments of extreme-value\nfunctions, such as LEAST and GREATEST. A remote, authenticated attacker\ncould use this flaw to crash mysqld. This issue only caused a temporary\ndenial of service, as mysqld was automatically restarted after the crash.\n(CVE-2010-3833)\n\nA flaw was found in the way MySQL processed EXPLAIN statements for some\ncomplex SELECT queries. A remote, authenticated attacker could use this\nflaw to crash mysqld. This issue only caused a temporary denial of service,\nas mysqld was automatically restarted after the crash. (CVE-2010-3682)\n\nA flaw was found in the way MySQL processed certain alternating READ\nrequests provided by HANDLER statements. A remote, authenticated attacker\ncould use this flaw to provide such requests, causing mysqld to crash. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3681)\n\nA flaw was found in the way MySQL processed CREATE TEMPORARY TABLE\nstatements that define NULL columns when using the InnoDB storage engine. A\nremote, authenticated attacker could use this flaw to crash mysqld. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3680)\n\nA flaw was found in the way MySQL processed JOIN queries that attempt to\nretrieve data from a unique SET column. A remote, authenticated attacker\ncould use this flaw to crash mysqld. This issue only caused a temporary\ndenial of service, as mysqld was automatically restarted after the crash.\n(CVE-2010-3677)\n\nAll MySQL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the MySQL server daemon (mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017144.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017145.html\n\n**Affected packages:**\nmysql\nmysql-bench\nmysql-devel\nmysql-server\nmysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0825.html", "modified": "2010-11-05T10:28:34", "published": "2010-11-05T10:26:35", "href": "http://lists.centos.org/pipermail/centos-announce/2010-November/017144.html", "id": "CESA-2010:0825", "title": "mysql security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:46", "bulletinFamily": "unix", "description": " \n[5.0.77-4.4]\r\n- Add fixes for CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682,\r\n CVE-2010-3833, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838,\r\n CVE-2010-3839, CVE-2010-3840\r\nResolves: #645642\r\n- Backpatch strmov fix so that code can be tested on more recent platforms ", "modified": "2010-11-03T00:00:00", "published": "2010-11-03T00:00:00", "id": "ELSA-2010-0825", "href": "http://linux.oracle.com/errata/ELSA-2010-0825.html", "title": "mysql security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:41", "bulletinFamily": "unix", "description": "[5.1.52-1.1]\n- Update to MySQL 5.1.52, for various fixes described at\n http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html\n including numerous small security issues\nResolves: #652553\n- Sync with current Fedora package; this includes:\n- Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and -embedded subpackages,\n to ensure they are available when any subset of mysql RPMs are installed,\n per revised packaging guidelines\n- Allow init script's STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig", "modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2011-0164", "href": "http://linux.oracle.com/errata/ELSA-2011-0164.html", "title": "mysql security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "unix", "description": "[1.6.11-2.3]\n- add security fix for CVE-2011-0715 (#681173)", "modified": "2011-03-08T00:00:00", "published": "2011-03-08T00:00:00", "id": "ELSA-2011-0328", "href": "http://linux.oracle.com/errata/ELSA-2011-0328.html", "title": "subversion security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:32", "bulletinFamily": "unix", "description": "[1.6.11-7.3]\n- add fix for svnadmin hotcopy (#681522)\n[1.6.11-7.2]\n- add security fix for CVE-2011-0715 (#681171)", "modified": "2011-03-08T00:00:00", "published": "2011-03-08T00:00:00", "id": "ELSA-2011-0327", "href": "http://linux.oracle.com/errata/ELSA-2011-0327.html", "title": "subversion security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nIt was found that the MySQL PolyFromWKB() function did not sanity check\nWell-Known Binary (WKB) data. A remote, authenticated attacker could use\nspecially-crafted WKB data to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3840)\n\nA flaw was found in the way MySQL processed certain JOIN queries. If a\nstored procedure contained JOIN queries, and that procedure was executed\ntwice in sequence, it could cause an infinite loop, leading to excessive\nCPU use (up to 100%). A remote, authenticated attacker could use this flaw\nto cause a denial of service. (CVE-2010-3839)\n\nA flaw was found in the way MySQL processed queries that provide a mixture\nof numeric and longblob data types to the LEAST or GREATEST function. A\nremote, authenticated attacker could use this flaw to crash mysqld. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3838)\n\nA flaw was found in the way MySQL processed PREPARE statements containing\nboth GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated\nattacker could use this flaw to crash mysqld. This issue only caused a\ntemporary denial of service, as mysqld was automatically restarted after\nthe crash. (CVE-2010-3837)\n\nIt was found that MySQL did not properly pre-evaluate LIKE arguments in\nview prepare mode. A remote, authenticated attacker could possibly use this\nflaw to crash mysqld. (CVE-2010-3836)\n\nA flaw was found in the way MySQL processed statements that assign a value\nto a user-defined variable and that also contain a logical value\nevaluation. A remote, authenticated attacker could use this flaw to crash\nmysqld. This issue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3835)\n\nA flaw was found in the way MySQL evaluated the arguments of extreme-value\nfunctions, such as LEAST and GREATEST. A remote, authenticated attacker\ncould use this flaw to crash mysqld. This issue only caused a temporary\ndenial of service, as mysqld was automatically restarted after the crash.\n(CVE-2010-3833)\n\nA flaw was found in the way MySQL processed EXPLAIN statements for some\ncomplex SELECT queries. A remote, authenticated attacker could use this\nflaw to crash mysqld. This issue only caused a temporary denial of service,\nas mysqld was automatically restarted after the crash. (CVE-2010-3682)\n\nA flaw was found in the way MySQL processed certain alternating READ\nrequests provided by HANDLER statements. A remote, authenticated attacker\ncould use this flaw to provide such requests, causing mysqld to crash. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3681)\n\nA flaw was found in the way MySQL processed CREATE TEMPORARY TABLE\nstatements that define NULL columns when using the InnoDB storage engine. A\nremote, authenticated attacker could use this flaw to crash mysqld. This\nissue only caused a temporary denial of service, as mysqld was\nautomatically restarted after the crash. (CVE-2010-3680)\n\nA flaw was found in the way MySQL processed JOIN queries that attempt to\nretrieve data from a unique SET column. A remote, authenticated attacker\ncould use this flaw to crash mysqld. This issue only caused a temporary\ndenial of service, as mysqld was automatically restarted after the crash.\n(CVE-2010-3677)\n\nAll MySQL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the MySQL server daemon (mysqld) will be restarted automatically.\n", "modified": "2017-09-08T12:14:19", "published": "2010-11-03T04:00:00", "id": "RHSA-2010:0825", "href": "https://access.redhat.com/errata/RHSA-2010:0825", "type": "redhat", "title": "(RHSA-2010:0825) Moderate: mysql security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:44:33", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe MySQL PolyFromWKB() function did not sanity check Well-Known Binary\n(WKB) data, which could allow a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3840)\n\nA flaw in the way MySQL processed certain JOIN queries could allow a\nremote, authenticated attacker to cause excessive CPU use (up to 100%), if\na stored procedure contained JOIN queries, and that procedure was executed\ntwice in sequence. (CVE-2010-3839)\n\nA flaw in the way MySQL processed queries that provide a mixture of numeric\nand longblob data types to the LEAST or GREATEST function, could allow a\nremote, authenticated attacker to crash mysqld. (CVE-2010-3838)\n\nA flaw in the way MySQL processed PREPARE statements containing both\nGROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,\nauthenticated attacker to crash mysqld. (CVE-2010-3837)\n\nMySQL did not properly pre-evaluate LIKE arguments in view prepare mode,\npossibly allowing a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3836)\n\nA flaw in the way MySQL processed statements that assign a value to a\nuser-defined variable and that also contain a logical value evaluation\ncould allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3835)\n\nA flaw in the way MySQL evaluated the arguments of extreme-value functions,\nsuch as LEAST and GREATEST, could allow a remote, authenticated attacker to\ncrash mysqld. (CVE-2010-3833)\n\nA flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to\nsend OK packets even when there were errors. (CVE-2010-3683)\n\nA flaw in the way MySQL processed EXPLAIN statements for some complex\nSELECT queries could allow a remote, authenticated attacker to crash\nmysqld. (CVE-2010-3682)\n\nA flaw in the way MySQL processed certain alternating READ requests\nprovided by HANDLER statements could allow a remote, authenticated attacker\nto crash mysqld. (CVE-2010-3681)\n\nA flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that\ndefine NULL columns when using the InnoDB storage engine, could allow a\nremote, authenticated attacker to crash mysqld. (CVE-2010-3680)\n\nA flaw in the way MySQL processed certain values provided to the BINLOG\nstatement caused MySQL to read unassigned memory. A remote, authenticated\nattacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)\n\nA flaw in the way MySQL processed SQL queries containing IN or CASE\nstatements, when a NULL argument was provided as one of the arguments to\nthe query, could allow a remote, authenticated attacker to crash mysqld.\n(CVE-2010-3678)\n\nA flaw in the way MySQL processed JOIN queries that attempt to retrieve\ndata from a unique SET column could allow a remote, authenticated attacker\nto crash mysqld. (CVE-2010-3677)\n\nNote: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,\nCVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678,\nand CVE-2010-3677 only cause a temporary denial of service, as mysqld was\nautomatically restarted after each crash.\n\nThese updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL\nrelease notes for a full list of changes:\n\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-06T20:24:08", "published": "2011-01-18T05:00:00", "id": "RHSA-2011:0164", "href": "https://access.redhat.com/errata/RHSA-2011:0164", "type": "redhat", "title": "(RHSA-2011:0164) Moderate: mysql security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "About the security content of Mac OS X v10.6.8 and Security Update 2011-004\r\n\r\n Last Modified: June 23, 2011\r\n Article: HT4723\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes of Mac OS X v10.6.8 and Security Update 2011-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security\r\nMac OS X v10.6.8 and Security Update 2011-004\r\n\r\n AirPort\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset\r\n\r\n Description: An out of bounds memory read issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect Mac OS X v10.6\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0196\r\n\r\n App Store\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: The user's AppleID password may be logged to a local file\r\n\r\n Description: In certain circumstances, App Store may log the user's AppleID password to a file that is not readable by other users on the system. This issue is addressed through improved handling of credentials.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0197 : Paul Nelson\r\n\r\n ATS\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow issue existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0198 : Harry Sintonen, Marc Schoenefeld of the Red Hat Security Response Team\r\n\r\n Certificate Trust Policy\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information\r\n\r\n Description: An error handling issue existed in the Certificate Trust Policy. If an Extended Validation (EV) certificate has no OCSP URL, and CRL checking is enabled, the CRL will not be checked and a revoked certificate may be accepted as valid. This issue is mitigated as most EV certificates specify an OCSP URL.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0199 : Chris Hawk and Wan-Teh Chang of Google\r\n\r\n ColorSync\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative\r\n\r\n CoreFoundation\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0201 : Harry Sintonen\r\n\r\n CoreGraphics\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team\r\n\r\n FTP Server\r\n\r\n Available for: Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: A person with FTP access may list files on the system\r\n\r\n Description: A path validation issue existed in xftpd. A person with FTP access may perform a recursive directory listing starting from the root, including directories that are not shared for FTP. The listing will eventually include any file that would be accessible to the FTP user. The contents of files are not disclosed. This issue is addressed through improved path validation. This issue only affects Mac OS X Server systems.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0203 : team karlkani\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\n ImageIO\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow issue existed in ImageIO's handling of JPEG2000 images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0205 : Harry Sintonen\r\n\r\n International Components for Unicode\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow issue existed in ICU's handling of uppercase strings. Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0206 : David Bienvenu of Mozilla\r\n\r\n Kernel\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: A local user may be able to cause a system reset\r\n\r\n Description: A null dereference issue existed in the handling of IPV6 socket options. A local user may be able to cause a system reset.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-1132 : Thomas Clement of Intego\r\n\r\n Libsystem\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Applications which use the glob(3) API may be vulnerable to a denial of service\r\n\r\n Description: Applications which use the glob(3) API may be vulnerable to a denial of service. If the glob pattern comes from untrusted input, the application may hang or use excessive CPU resources. This issue is addressed through improved validation of glob patterns.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-2632 : Maksymilian Arciemowicz\r\n\r\n libxslt\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap\r\n\r\n Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0195 : Chris Evans of the Google Chrome Security Team\r\n\r\n MobileMe\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: An attacker with a privileged network position may read a user's MobileMe email aliases\r\n\r\n Description: When communicating with MobileMe to determine a user's email aliases, Mail will make requests over HTTP. As a result, an attacker with a privileged network position may read a user's MobileMe email aliases. This issue is addressed by using SSL to access the user's email aliases.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0207 : Aaron Sigel of vtty.com\r\n\r\n MySQL\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.91\r\n\r\n Description: MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3677\r\n\r\n CVE-2010-3682\r\n\r\n CVE-2010-3833\r\n\r\n CVE-2010-3834\r\n\r\n CVE-2010-3835\r\n\r\n CVE-2010-3836\r\n\r\n CVE-2010-3837\r\n\r\n CVE-2010-3838\r\n\r\n OpenSSL\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Multiple vulnerabilities in OpenSSL\r\n\r\n Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating OpenSSL to version 0.9.8r.\r\n\r\n CVE-ID\r\n\r\n CVE-2009-3245\r\n\r\n CVE-2010-0740\r\n\r\n CVE-2010-3864\r\n\r\n CVE-2010-4180\r\n\r\n CVE-2011-0014\r\n\r\n patch\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Running patch on a maliciously crafted patch file may cause arbitrary files to be created or overwritten\r\n\r\n Description: A directory traversal issue existed in GNU patch. Running patch on a maliciously crafted patch file may cause arbitrary files to be created or overwritten. This issue is addressed through improved validation of patch files.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-4651\r\n\r\n QuickLook\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0208 : Tobias Klein working with iDefense VCP\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow existed in QuickTime's handling of RIFF WAV files. Viewing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0209 : Luigi Auriemma working with TippingPoint's Zero Day Initiative\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in QuickTime's handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0210 : Honggang Ren of Fortinet's FortiGuard Labs\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day Initiative\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow existed in QuickTime's handling of PICT images. Viewing a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3790 : Subreption LLC working with TippingPoint's Zero Day Initiative\r\n\r\n QuickTime\r\n\r\n Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow existed in QuickTime's handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0213 : Luigi Auriemma working with iDefense\r\n\r\n Samba\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A stack buffer overflow existed in Samba's handling of Windows Security IDs. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X 10.6.7.\r\n\r\n CVE-ID\r\n\r\n CVE-2010-3069\r\n\r\n Samba\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory corruption issue existed in Samba's handling of file descriptors. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0719 : Volker Lendecke of SerNet\r\n\r\n servermgrd\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: A remote attacker may be able to read arbitrary files from the system\r\n\r\n Description: An XML External Entity issue exists in servermgrd's handling of XML-RPC requests. This issue is addressed by removing servermgrd's XML-RPC interface. This issue only affects Mac OS X Server systems.\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0212 : Apple\r\n\r\n subversion\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7\r\n\r\n Impact: If an http based Subversion server is configured, a remote attacker may be able to cause a denial of service\r\n\r\n Description: A null dereference issue existed in Subversion's handling of lock tokens sent over HTTP. If an http based Subversion server is configured, a remote attacker may be able to cause a denial of service. For Mac OS X v10.6 systems, Subversion is updated to version 1.6.6. For Mac OS X v10.5.8 systems, the issue is addressed through additional validation of lock tokens. Further information is available via the Subversion web site at http://subversion.tigris.org/\r\n\r\n CVE-ID\r\n\r\n CVE-2011-0715\r\n\r\n", "modified": "2011-07-04T00:00:00", "published": "2011-07-04T00:00:00", "id": "SECURITYVULNS:DOC:26596", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26596", "title": "About the security content of Mac OS X v10.6.8 and Security Update 2011-004", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "DoS conditions, buffer overflows, information leaks, code execution in different subsystems.", "modified": "2011-07-06T00:00:00", "published": "2011-07-06T00:00:00", "id": "SECURITYVULNS:VULN:11754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11754", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "description": "Unauthrozied ALTER DATABASE / UPGRADE DATA DIRECTORY files access, multiple DoS conditions.", "modified": "2010-11-15T00:00:00", "published": "2010-11-15T00:00:00", "id": "SECURITYVULNS:VULN:11243", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11243", "title": "MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "description": "===========================================================\r\nUbuntu Security Notice USN-1017-1 November 11, 2010\r\nmysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities\r\nCVE-2010-2008, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679,\r\nCVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683,\r\nCVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836,\r\nCVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\nUbuntu 10.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n mysql-server-5.0 5.0.22-0ubuntu6.06.15\r\n\r\nUbuntu 8.04 LTS:\r\n mysql-server-5.0 5.0.51a-3ubuntu5.8\r\n\r\nUbuntu 9.10:\r\n mysql-server-5.1 5.1.37-1ubuntu5.5\r\n\r\nUbuntu 10.04 LTS:\r\n mysql-server-5.1 5.1.41-3ubuntu12.7\r\n\r\nUbuntu 10.10:\r\n mysql-server-5.1 5.1.49-1ubuntu8.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that MySQL incorrectly handled certain requests with the\r\nUPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit\r\nthis to make MySQL crash, causing a denial of service. This issue only\r\naffected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)\r\n\r\nIt was discovered that MySQL incorrectly handled joins involving a table\r\nwith a unique SET column. An authenticated user could exploit this to make\r\nMySQL crash, causing a denial of service. This issue only affected Ubuntu\r\n6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)\r\n\r\nIt was discovered that MySQL incorrectly handled NULL arguments to IN() or\r\nCASE operations. An authenticated user could exploit this to make MySQL\r\ncrash, causing a denial of service. This issue only affected Ubuntu 9.10\r\nand 10.04 LTS. (CVE-2010-3678)\r\n\r\nIt was discovered that MySQL incorrectly handled malformed arguments to the\r\nBINLOG statement. An authenticated user could exploit this to make MySQL\r\ncrash, causing a denial of service. This issue only affected Ubuntu 9.10\r\nand 10.04 LTS. (CVE-2010-3679)\r\n\r\nIt was discovered that MySQL incorrectly handled the use of TEMPORARY\r\nInnoDB tables with nullable columns. An authenticated user could exploit\r\nthis to make MySQL crash, causing a denial of service. This issue only\r\naffected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3680)\r\n\r\nIt was discovered that MySQL incorrectly handled alternate reads from two\r\nindexes on a table using the HANDLER interface. An authenticated user could\r\nexploit this to make MySQL crash, causing a denial of service. This issue\r\nonly affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS.\r\n(CVE-2010-3681)\r\n\r\nIt was discovered that MySQL incorrectly handled use of EXPLAIN with\r\ncertain queries. An authenticated user could exploit this to make MySQL\r\ncrash, causing a denial of service. This issue only affected Ubuntu\r\n6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3682)\r\n\r\nIt was discovered that MySQL incorrectly handled error reporting when using\r\nLOAD DATA INFILE and would incorrectly raise an assert in certain\r\ncircumstances. An authenticated user could exploit this to make MySQL\r\ncrash, causing a denial of service. This issue only affected Ubuntu 9.10\r\nand 10.04 LTS. (CVE-2010-3683)\r\n\r\nIt was discovered that MySQL incorrectly handled propagation during\r\nevaluation of arguments to extreme-value functions. An authenticated user\r\ncould exploit this to make MySQL crash, causing a denial of service. This\r\nissue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10.\r\n(CVE-2010-3833)\r\n\r\nIt was discovered that MySQL incorrectly handled materializing a derived\r\ntable that required a temporary table for grouping. An authenticated user\r\ncould exploit this to make MySQL crash, causing a denial of service.\r\n(CVE-2010-3834)\r\n\r\nIt was discovered that MySQL incorrectly handled certain user-variable\r\nassignment expressions that are evaluated in a logical expression context.\r\nAn authenticated user could exploit this to make MySQL crash, causing a\r\ndenial of service. This issue only affected Ubuntu 8.04 LTS, 9.10,\r\n10.04 LTS and 10.10. (CVE-2010-3835)\r\n\r\nIt was discovered that MySQL incorrectly handled pre-evaluation of LIKE\r\npredicates during view preparation. An authenticated user could exploit\r\nthis to make MySQL crash, causing a denial of service. (CVE-2010-3836)\r\n\r\nIt was discovered that MySQL incorrectly handled using GROUP_CONCAT() and\r\nWITH ROLLUP together. An authenticated user could exploit this to make\r\nMySQL crash, causing a denial of service. (CVE-2010-3837)\r\n\r\nIt was discovered that MySQL incorrectly handled certain queries using a\r\nmixed list of numeric and LONGBLOB arguments to the GREATEST() or LEAST()\r\nfunctions. An authenticated user could exploit this to make MySQL crash,\r\ncausing a denial of service. (CVE-2010-3838)\r\n\r\nIt was discovered that MySQL incorrectly handled queries with nested joins\r\nwhen used from stored procedures and prepared statements. An authenticated\r\nuser could exploit this to make MySQL hang, causing a denial of service.\r\nThis issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-3839)\r\n\r\nIt was discovered that MySQL incorrectly handled improper WKB data passed\r\nto the PolyFromWKB() function. An authenticated user could exploit this to\r\nmake MySQL crash, causing a denial of service. (CVE-2010-3840)\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.15.diff.gz\r\n Size/MD5: 178188 38c129d7339c89f4eba4c19fd3b48a8e\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.15.dsc\r\n Size/MD5: 1765 c0d4e7d49f9857c71d8e91c1e7cc54b2\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz\r\n Size/MD5: 18446645 2b8f36364373461190126817ec872031\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.15_all.deb\r\n Size/MD5: 39978 7ebcc42187ede799d071276d38f83744\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.15_all.deb\r\n Size/MD5: 42518 6e367452a0b3d168c574ae64219137b1\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.15_all.deb\r\n Size/MD5: 39982 acd2b86e437fb3734f460a60c47cee44\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.15_amd64.deb\r\n Size/MD5: 6738602 55b4fd61adaad42c04b76ae0877a8e83\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.15_amd64.deb\r\n Size/MD5: 1424234 722761a4b65614aa2cc8efba06ad5355\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.15_amd64.deb\r\n Size/MD5: 6900952 01a5e128ed55a06e1f903a9574c7ea61\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.15_amd64.deb\r\n Size/MD5: 22544490 29001d165026dc416d10ade074875cca\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.15_i386.deb\r\n Size/MD5: 6144586 01eac83af471566e10d59ae33f7d5fe0\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.15_i386.deb\r\n Size/MD5: 1385448 04a1b919fa386e3643d85eaeb492523b\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.15_i386.deb\r\n Size/MD5: 6280628 3a34833a57e23ea89f5170d97877b511\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.15_i386.deb\r\n Size/MD5: 21354962 ab094c08f1f58089191a7d22ae82cef2\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.15_powerpc.deb\r\n Size/MD5: 6888510 8a132e1b19c8d1098dfdfe7a49b4f209\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.15_powerpc.deb\r\n Size/MD5: 1465260 8075c27e698ec920ca6b903ef3e5ce49\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.15_powerpc.deb\r\n Size/MD5: 6948840 37c008fd0ceb7ae6b750e349809e6466\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.15_powerpc.deb\r\n Size/MD5: 22709850 02e275075e5f5ed187711e18f64c4952\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.15_sparc.deb\r\n Size/MD5: 6437636 fe08465f8cd8345ab7f25f9245ca42c9\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.15_sparc.deb\r\n Size/MD5: 1437450 c2de9127465bd162681ba142887627dd\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.15_sparc.deb\r\n Size/MD5: 6551944 7bd359130b6050359bf5ff0adb1a9b20\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.15_sparc.deb\r\n Size/MD5: 21975892 1093883548b2cddc46a4a2aea2647e97\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-3ubuntu5.8.diff.gz\r\n Size/MD5: 358579 56c0452e6f36686c9d05f7933468fe02\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-3ubuntu5.8.dsc\r\n Size/MD5: 2071 1c364151ad3abb3134e357e1d50388a6\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a.orig.tar.gz\r\n Size/MD5: 17946664 6fae978908ad5eb790fa3f24f16dadba\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-3ubuntu5.8_all.deb\r\n Size/MD5: 53298 63abcf36b00ba0d561e41de747147a98\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-3ubuntu5.8_all.deb\r\n Size/MD5: 62088 1d8703413d7f71aade6445c9efabcc83\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-3ubuntu5.8_all.deb\r\n Size/MD5: 55488 f130cf8f453bcfbc22690c1958fbea00\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.8_amd64.deb\r\n Size/MD5: 7614932 605808ad3b237f7f0ae1c21d6f79758a\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.8_amd64.deb\r\n Size/MD5: 1887226 ebb497ab886c9faca52a42552180c3fb\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.8_amd64.deb\r\n Size/MD5: 8252196 c3c737f644b47b805186ce7b00a6d33e\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.8_amd64.deb\r\n Size/MD5: 28161616 f1af5e0e4c18c5bbdc2bb4fff40fb8f2\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.8_i386.deb\r\n Size/MD5: 7223194 63dc0d96dd4ff34be31c9b6da6a72f27\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.8_i386.deb\r\n Size/MD5: 1832772 0dd80f740bcbe40122ed32577514a2d6\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.8_i386.deb\r\n Size/MD5: 7834082 5434145509e6a9ac7ab328f9a6979aa0\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.8_i386.deb\r\n Size/MD5: 27568916 3fb255106105df17bb48ba3af49474e0\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.8_lpia.deb\r\n Size/MD5: 7163494 a4a032940ebe2756cf44bb8b30fbe8b4\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.8_lpia.deb\r\n Size/MD5: 1828002 8791d74e55c730f2f8162428cb8d3d7c\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.8_lpia.deb\r\n Size/MD5: 7845656 ded7c6756b5d7a27b0194f532247bf31\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.8_lpia.deb\r\n Size/MD5: 27362950 ee96550d3a80a90b6b16eb1f1d5affd3\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.8_powerpc.deb\r\n Size/MD5: 7589774 9ee36ca16f7ec707666bbb45b39dca91\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.8_powerpc.deb\r\n Size/MD5: 1916848 8a3183f14b7ae5a63de8e9459e6922b0\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.8_powerpc.deb\r\n Size/MD5: 8245266 277ac8cba87b4e838aaf894749f9ce7e\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.8_powerpc.deb\r\n Size/MD5: 28354820 926ce81e465a584a2a0d1cc3329c063a\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.8_sparc.deb\r\n Size/MD5: 7202436 7b4b220badd74fd992ba8c6ff7b35ea0\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.8_sparc.deb\r\n Size/MD5: 1847528 44344dcfec06342310da94329b5227ce\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.8_sparc.deb\r\n Size/MD5: 7836440 c211e18849940108270801431c3ebf33\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.8_sparc.deb\r\n Size/MD5: 27650038 2667b9132784e43f5f8ceba7c355acf5\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.37-1ubuntu5.5.diff.gz\r\n Size/MD5: 343665 186b3a556b81532075ad6feb344cfe0c\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.37-1ubuntu5.5.dsc\r\n Size/MD5: 2522 c7d66071d8d446783bcbb2cf0dfb6e3b\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.37.orig.tar.gz\r\n Size/MD5: 17814352 a472b99a174592f052c37042764fea3e\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16-dev_5.1.37-1ubuntu5.5_all.deb\r\n Size/MD5: 65264 9d79bdf716a4d8a092d567157ee975be\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client_5.1.37-1ubuntu5.5_all.deb\r\n Size/MD5: 65324 e0d910bdc10310194d99bc2c165ae333\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-common_5.1.37-1ubuntu5.5_all.deb\r\n Size/MD5: 71164 220c35b60d80d28224d2113bd143c686\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server_5.1.37-1ubuntu5.5_all.deb\r\n Size/MD5: 65452 2861f2ea8fbf2abc314fd3cdf14872e0\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubuntu5.5_amd64.deb\r\n Size/MD5: 2402648 44b830a893d6e77bc617f97254ef7da8\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu5.5_amd64.deb\r\n Size/MD5: 1960428 41178f99f4922a8290cc758df2340ab2\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.5_amd64.deb\r\n Size/MD5: 5667062 b8a5623cead76e5950ec2f403ae663b8\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.5_amd64.deb\r\n Size/MD5: 4437346 2423a9a6878cd44d606eced3bc197c2f\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu5.5_amd64.deb\r\n Size/MD5: 8837650 d7d866861a2498596dfee73287ef9813\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu5.5_amd64.deb\r\n Size/MD5: 7273026 3ac85a659f16dbd878053a2dd695d6a1\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1ubuntu5.5_amd64.deb\r\n Size/MD5: 4128168 3161fe5ab9ce1296cd40938873f1b103\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubuntu5.5_i386.deb\r\n Size/MD5: 2332702 1ce8580e6af3b788a09c7d7a0a8d40ac\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu5.5_i386.deb\r\n Size/MD5: 1904404 027b42bde9632c2065720ffcb6f738c7\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.5_i386.deb\r\n Size/MD5: 5433794 e926b1d9b454cb9d89afa063ca2d663f\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.5_i386.deb\r\n Size/MD5: 4211558 d2df1d1cd42197ca3bfca48b6e39ffe4\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu5.5_i386.deb\r\n Size/MD5: 8209846 0926ae62554a127a283d6f7a2605c279\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu5.5_i386.deb\r\n Size/MD5: 7187446 5c415f1385767b85b07a73dc48210744\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1ubuntu5.5_i386.deb\r\n Size/MD5: 3841096 0363a16f629a35474853c04883bd5ab3\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubuntu5.5_armel.deb\r\n Size/MD5: 2288474 20b98307f3d8eae926e9a267c83cc675\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu5.5_armel.deb\r\n Size/MD5: 1792580 8416658c287fc47df4a88cfd975bc861\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.5_armel.deb\r\n Size/MD5: 5287846 f7fb108f9c0040a6313ce7c1d71a037f\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.5_armel.deb\r\n Size/MD5: 4311738 a8ac7c897f8d958f1945c29bc0e1cba6\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu5.5_armel.deb\r\n Size/MD5: 7415966 f4dff3cd298ca1cc1343443625df59c9\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu5.5_armel.deb\r\n Size/MD5: 6765750 0295731bc47b322cca7974b92b934f0d\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1ubuntu5.5_armel.deb\r\n Size/MD5: 3464918 80261238e82a60574de5ad7ec947c006\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubuntu5.5_lpia.deb\r\n Size/MD5: 2322318 62a59caee4959c63fbbbb682052d8e20\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu5.5_lpia.deb\r\n Size/MD5: 1905624 4d96043bd14b49f1860f1917e489c06b\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.5_lpia.deb\r\n Size/MD5: 5398390 74731410a65f8452a6ae2bdc990d2418\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.5_lpia.deb\r\n Size/MD5: 4182098 d9e13eb60231b2f5038938b5ef03ea86\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu5.5_lpia.deb\r\n Size/MD5: 8190806 9d16d8907b9d4da4b7bcf9b38a239453\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu5.5_lpia.deb\r\n Size/MD5: 7197878 8251d96c880ae454f2b399a0101dfb59\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1ubuntu5.5_lpia.deb\r\n Size/MD5: 3828970 0097560c7892383fbf56080ab6d9c795\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubuntu5.5_powerpc.deb\r\n Size/MD5: 2419218 a0ced7255dd4a7d6f5221cfd4ec12c38\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu5.5_powerpc.deb\r\n Size/MD5: 1935528 bb45cb56160edf9fb1eadbd5b3690a1b\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.5_powerpc.deb\r\n Size/MD5: 5630372 611b47bbcad0e669bb662ce9a4a6665d\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.5_powerpc.deb\r\n Size/MD5: 4363226 5c2610076f8df7d86e92aae18f238635\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu5.5_powerpc.deb\r\n Size/MD5: 8691618 fefe972a0a189ded67bf7aa16a1185b8\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu5.5_powerpc.deb\r\n Size/MD5: 7207692 585ce3dddb191f416e12c9f2b51a2004\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1ubuntu5.5_powerpc.deb\r\n Size/MD5: 4063606 72da7ea5182956ba32f66d2ee23a3fdd\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.37-1ubuntu5.5_sparc.deb\r\n Size/MD5: 2319342 70d608594f5cf135c1146abd43a8e445\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.37-1ubuntu5.5_sparc.deb\r\n Size/MD5: 1926218 559f770cdb9cdec49bd724ca780b51af\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.37-1ubuntu5.5_sparc.deb\r\n Size/MD5: 5293588 00a18546295d7765191d347a3414459a\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.37-1ubuntu5.5_sparc.deb\r\n Size/MD5: 4080864 ecd088d30b64600dd893dd85c78ff05d\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.37-1ubuntu5.5_sparc.deb\r\n Size/MD5: 8335248 de8c6e0b6439708c6b0df095db0764bd\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.37-1ubuntu5.5_sparc.deb\r\n Size/MD5: 7299784 64bfe588882ef1c1ea7bab9d538d9385\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.37-1ubuntu5.5_sparc.deb\r\n Size/MD5: 3879404 a4da166556e276d7fbfb3afa10555b19\r\n\r\nUpdated packages for Ubuntu 10.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.41-3ubuntu12.7.diff.gz\r\n Size/MD5: 341522 2dedee77a23f60a8923ef633c626bcab\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.41-3ubuntu12.7.dsc\r\n Size/MD5: 2577 916ca7a18d8315fc01878d987b8fb2e9\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-dfsg-5.1_5.1.41.orig.tar.gz\r\n Size/MD5: 19970033 7652277028a7dedc6e1b5a9d87f6bfe6\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16-dev_5.1.41-3ubuntu12.7_all.deb\r\n Size/MD5: 94418 98013f0aa27b5cd56d6b0959755acb63\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client_5.1.41-3ubuntu12.7_all.deb\r\n Size/MD5: 94476 90c21f8021ff74ef8f0b51c3361a67fc\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-common_5.1.41-3ubuntu12.7_all.deb\r\n Size/MD5: 98636 6a2cb0dca9993c5bd760e653af26bfba\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server_5.1.41-3ubuntu12.7_all.deb\r\n Size/MD5: 94604 7ce993505db3145e27cbaa9561d9757f\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 3223076 dd7a36078d8ffc4156002fa45fbd3496\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 1986496 372d1279a872224bd9a23735719ccc3c\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 5723882 bf86e090998e98ba3e3524674ce38399\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 4471388 c02e1a665b1ff9f01e0d015b8723f84d\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 8748306 b97c6d4ce926a72389f8fc4bde987108\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client-core-5.1_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 187866 eaeab5c4a74dbdbf7dc3491337b5816a\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 7104886 40289c8486583236f01f7b92d2ae850f\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 5002110 a042514c9d112495527838f9cc90b216\r\n http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-5.1/mysql-testsuite_5.1.41-3ubuntu12.7_amd64.deb\r\n Size/MD5: 5854888 889d471d902c1cc6e551bafa937ddba5\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 3120982 98846212f393e41fe3fdf1deeaf67164\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 1932800 1745df40283bd84666f2d2baf0e7b825\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 5483392 2dd6de38f8445b0a881465b866f22ed1\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 4252774 cc3f3566c0ffc1ad56256c72df0bba66\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 8140854 b6c531dc0a508028fb6750a8a97cffed\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-client-core-5.1_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 178016 4152e6d2a6f2e0691747dc720884bd1a\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 7008926 651a698609fd23d35042d1cc2944a3b8\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 4713646 8deca71ef1e6e4d069fe83f0e0e753a0\r\n http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-5.1/mysql-testsuite_5.1.41-3ubuntu12.7_i386.deb\r\n Size/MD5: 5854620 306063c37c634c072478bbc955ea2100\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 3013290 827ad26ea7fa08bd1e2e3973cdcb75fe\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 1815220 9afb671ee13d6ec83393dbc22cfe4157\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 5349762 d9cf3ccfaa7c4ca03207df8685ad9208\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 4167498 5712428d809e5692ea97ddc22f072144\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 7839032 9d3fb4fa4abd37cab1492d64f9ff73fa\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-core-5.1_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 176658 31e661ab1a3cc8a7cf6e4aeb3c7d0dcb\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 6649318 7c9cb70f88945f1315c02c54582d0e38\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 4527384 ef5b51c9cbe92a4cc044d13bd9de8fc2\r\n http://ports.ubuntu.com/pool/universe/m/mysql-dfsg-5.1/mysql-testsuite_5.1.41-3ubuntu12.7_armel.deb\r\n Size/MD5: 6123626 e2a83e6c0139446b80c086243dda73e4\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient-dev_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 3222050 67e6f36948e272fad3fd2d984bd8de80\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 1962756 89727e949e4abc8ee7a4e2ae3546d0e8\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-dev_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 5679618 7a0a4f87f4c6db95bc4635d68540b3a4\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/libmysqld-pic_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 4399862 ce16555ac32b7437de2d4253cf69707b\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-5.1_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 8611942 24293d5d3cf3d07d4dd7465207c5b37d\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-client-core-5.1_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 184446 0ecb05e0b85af24205b1fb6dd8cda569\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-5.1_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 7078860 9244d73aacc4dcc086405badab3f4dc9\r\n http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.1/mysql-server-core-5.1_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 4925814 36478289c2db2b8719ac6dcdd576cc5c\r\n http://ports.ubuntu.com/pool/universe/m/mysql-dfsg-5.1/mysql-testsuite_5.1.41-3ubuntu12.7_powerpc.deb\r\n Size/MD5: 5855794 c3a975ca6f89b5993caac46c2145abc9\r\n\r\nUpdated packages for Ubuntu 10.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-5.1_5.1.49-1ubuntu8.1.diff.gz\r\n Size/MD5: 305493 bf1401a668e17d2fe8968b3eb5e972cd\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-5.1_5.1.49-1ubuntu8.1.dsc\r\n Size/MD5: 2515 8ab9c7f2d21ffb997084059c810c5fdf\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-5.1_5.1.49.orig.tar.gz\r\n Size/MD5: 23687599 a90d87a71fa3c23dff6d78afc8e3184c\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqlclient16-dev_5.1.49-1ubuntu8.1_all.deb\r\n Size/MD5: 60646 5c4d4c5704b346d44d5c7c8067186ebd\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-client_5.1.49-1ubuntu8.1_all.deb\r\n Size/MD5: 60704 95d45d5a1a5752b684daf8baf10d7e13\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-common_5.1.49-1ubuntu8.1_all.deb\r\n Size/MD5: 64190 600cb8fd550ce078dc43e857fa8c44b5\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-server_5.1.49-1ubuntu8.1_all.deb\r\n Size/MD5: 60828 ee67984f242c5dd457bd9922b84584f5\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqlclient-dev_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 3220050 dcd190be3d830c7467df1e7691be244d\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqlclient16_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 1935174 b484f56c341c2dfe333251310eca9d05\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqld-dev_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 5719086 a3485ac465903beb15c2637be8600dd2\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqld-pic_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 4471496 1a5764de1b2fee475fcd25ff60ae9f2e\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-client-5.1_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 8671758 da2ab2925e42cd21375afb783af04ad1\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-client-core-5.1_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 153814 d1e5075ed246e2dcd1c098464ee5a08f\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-server-5.1_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 7080970 1dd0ef80777971812572d116b18d35c0\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-server-core-5.1_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 4957194 cb8fd00319578705a7070f53771a8320\r\n http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-5.1/mysql-testsuite_5.1.49-1ubuntu8.1_amd64.deb\r\n Size/MD5: 7368730 cc7c4a05da37f2bf1472ae15ca2f714f\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqlclient-dev_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 3105726 3004afe76e052d4d5f01516a11f0495b\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqlclient16_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 1881264 5de57206e1461e9aa67390233b8b2d82\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqld-dev_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 5470154 48cc3113379fec6769668dd9ebcfa50c\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/libmysqld-pic_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 4241500 a60587a1d9f508946ed32860fa530daa\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-client-5.1_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 8025360 9a9904a2acd2ac6011ebf6292b20c720\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-client-core-5.1_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 143678 12c55b61ff1a84aacb25ad2c8b66ba10\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-server-5.1_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 6968662 14a3a361658f3d01fae0e382b3f5a2d3\r\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.1/mysql-server-core-5.1_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 4643116 99ca4a15e99da47659b9092a920f99f0\r\n http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-5.1/mysql-testsuite_5.1.49-1ubuntu8.1_i386.deb\r\n Size/MD5: 6985638 39ba73f90d9599bc1ae94e8d49f43a62\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/libmysqlclient-dev_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 3218612 f222c6d8d91ba8e92134fc78da7ac628\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/libmysqlclient16_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 1892262 360b5e68119affa2b521a14f49f0177f\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/libmysqld-dev_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 5763584 8433af4cdcbd670215ded8c1919b681e\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/libmysqld-pic_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 4481508 e9d1759385ccee7ac591f27bb98a2d50\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/mysql-client-5.1_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 8415362 7076122233d2c649598ec4c1a113af1e\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/mysql-client-core-5.1_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 147198 e7a41ec8850b5bcfd21826ba30805546\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/mysql-server-5.1_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 6991658 5673eb309fa0751d71093e4dad432393\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/mysql-server-core-5.1_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 4829048 6484be204ab8f596969cf62a4fa6f7ec\r\n http://ports.ubuntu.com/pool/universe/m/mysql-5.1/mysql-testsuite_5.1.49-1ubuntu8.1_armel.deb\r\n Size/MD5: 7380590 e96ddf4dd5a7a5569c6814b6dfaea26f\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/libmysqlclient-dev_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 3206172 8a345dc27b2f504ec0ece62bf21a2ff9\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/libmysqlclient16_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 1911892 785ae6e822dc75fafb1bff4b53625692\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/libmysqld-dev_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 5672730 74464f121fa7f900912ad87d434fe286\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/libmysqld-pic_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 4395190 6607c4966d73f6868cc0af0b466133d9\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/mysql-client-5.1_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 8521778 b95cf62dea1e5047ee633336caf1b9a3\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/mysql-client-core-5.1_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 150358 f9b51c4963a90a4955e3daa49a0638ad\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/mysql-server-5.1_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 7036216 bf51324d366812e5e550769e89cd3bbe\r\n http://ports.ubuntu.com/pool/main/m/mysql-5.1/mysql-server-core-5.1_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 4872378 2c557c62dbf828f726dc8ebff63700e8\r\n http://ports.ubuntu.com/pool/universe/m/mysql-5.1/mysql-testsuite_5.1.49-1ubuntu8.1_powerpc.deb\r\n Size/MD5: 6985654 31544cfd6d9944ea6e3c8e9c6d22f84f\r\n\r\n\r\n", "modified": "2010-11-15T00:00:00", "published": "2010-11-15T00:00:00", "id": "SECURITYVULNS:DOC:25125", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25125", "title": "[USN-1017-1] MySQL vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:32", "bulletinFamily": "unix", "description": "It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)\n\nIt was discovered that MySQL incorrectly handled joins involving a table with a unique SET column. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)\n\nIt was discovered that MySQL incorrectly handled NULL arguments to IN() or CASE operations. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3678)\n\nIt was discovered that MySQL incorrectly handled malformed arguments to the BINLOG statement. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3679)\n\nIt was discovered that MySQL incorrectly handled the use of TEMPORARY InnoDB tables with nullable columns. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3680)\n\nIt was discovered that MySQL incorrectly handled alternate reads from two indexes on a table using the HANDLER interface. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3681)\n\nIt was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3682)\n\nIt was discovered that MySQL incorrectly handled error reporting when using LOAD DATA INFILE and would incorrectly raise an assert in certain circumstances. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-3683)\n\nIt was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3833)\n\nIt was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3834)\n\nIt was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3835)\n\nIt was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3836)\n\nIt was discovered that MySQL incorrectly handled using GROUP_CONCAT() and WITH ROLLUP together. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3837)\n\nIt was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST() or LEAST() functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3838)\n\nIt was discovered that MySQL incorrectly handled queries with nested joins when used from stored procedures and prepared statements. An authenticated user could exploit this to make MySQL hang, causing a denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-3839)\n\nIt was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB() function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. (CVE-2010-3840)", "modified": "2010-11-11T00:00:00", "published": "2010-11-11T00:00:00", "id": "USN-1017-1", "href": "https://usn.ubuntu.com/1017-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:23:36", "bulletinFamily": "unix", "description": "Philip Martin discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests containing a lock token. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service.", "modified": "2011-03-29T00:00:00", "published": "2011-03-29T00:00:00", "id": "USN-1096-1", "href": "https://usn.ubuntu.com/1096-1/", "title": "Subversion vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:02:20", "bulletinFamily": "exploit", "description": "Bugtraq ID: 48412\r\nCVE ID\uff1aCVE-2011-0196\r\nCVE-2011-0197\r\n CVE-2011-0198\r\n CVE-2011-0199\r\n CVE-2011-0200\r\n CVE-2011-0201\r\n CVE-2011-0202\r\n CVE-2011-0203\r\n CVE-2011-0204\r\n CVE-2011-0205\r\n CVE-2011-0206\r\n CVE-2011-0207\r\n CVE-2011-0208\r\n CVE-2011-0209\r\n CVE-2011-0210\r\n CVE-2011-0211\r\n CVE-2011-0212\r\n CVE-2011-0213\r\n CVE-2011-1132\r\n\r\nApple Mac OS X\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nApple Mac OS X 2011-004\u5b89\u5168\u516c\u544a\u4fee\u590d\u4e86\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5f71\u54cdAirPort, App Store, ATS, Certificate Trust Policy, ColorSync, CoreFoundation, CoreGraphics, FTP Server, ImageIO, International Components for Unicode, MobileMe, QuickLook, QuickTime\u548cservermgrd\u3002\r\nCVE-2011-0196\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\n \r\n\u5904\u7406Wi-Fi\u5e27\u5b58\u5728\u8d8a\u754c\u8bfb\u95ee\u9898\uff0c\u5f53\u8fde\u63a5\u5230Wi-Fi\u65f6\uff0c\u5728\u540c\u4e00\u7f51\u7edc\u7684\u653b\u51fb\u8005\u53ef\u4f7f\u7cfb\u7edf\u91cd\u7f6e\u3002\r\nCVE-2011-0197\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\n \r\n\u5728\u67d0\u4e9b\u6761\u4ef6\u4e0b\uff0cApp Store\u4f1a\u8bb0\u5f55\u7528\u6237AppleID\u5bc6\u7801\u5230\u5176\u4ed6\u7528\u6237\u4e0d\u53ef\u8bfb\u7684\u6587\u4ef6\u4e2d\u3002\r\nCVE-2011-0198\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\n \r\n\u5904\u7406TrueType\u5b57\u4f53\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u67e5\u770b\u6216\u4e0b\u8f7d\u5305\u542b\u6076\u610f\u5b57\u4f53\u7684\u6587\u6863\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-0199\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\n \r\n\u8bc1\u4e66\u4fe1\u4efb\u7b56\u7565\u5b58\u5728\u4e00\u4e2a\u9519\u8bef\u5904\u7406\u95ee\u9898\u3002\u5982\u679c\u6269\u5c55\u9a8c\u8bc1(EV)\u8bc1\u4e66\u6ca1\u6709OCSP URL\uff0c\u5e76\u4e14\u542f\u7528\u4e86CRL\uff0c\u90a3\u4e48CRL\u4e0d\u4f1a\u88ab\u68c0\u67e5\u5e76\u4f1a\u63a5\u6536\u4f5c\u5e9f\u7684\u8bc1\u4e66\u4f5c\u4e3a\u5408\u6cd5\u8bc1\u4e66\u3002\r\nCVE-2011-0200\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\n \r\n\u5904\u7406\u5d4c\u5165ColorSync\u914d\u7f6e\u6587\u4ef6\u7684\u56fe\u50cf\u65f6\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-2011-0201\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\n \r\n\u5904\u7406CFStrings\u5b58\u5728\u5355\u5b57\u8282\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2011-0202\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\n \r\n\u5904\u7406Type 1\u5b57\u4f53\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u67e5\u770b\u548c\u4e0b\u8f7d\u5d4c\u5165\u7279\u5236\u5b57\u4f53\u7684\u6587\u6863\u53ef\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-2011-0203\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\n \r\nxftpd\u5b58\u5728\u8def\u5f84\u6821\u9a8c\u9519\u8bef\uff0c\u5177\u6709FTP\u8bbf\u95ee\u7684\u7528\u6237\u53ef\u5217\u51fa\u7cfb\u7edf\u6587\u4ef6\u3002\r\nCVE-2011-0204\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\n \r\nImageIO\u5904\u7406TIFF\u56fe\u50cf\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u67e5\u770b\u7279\u5236\u7684TIFF\u56fe\u50cf\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-0205\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\n \r\nImageIO\u5904\u7406JPEG2000\u56fe\u50cf\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u67e5\u770b\u7279\u5236\u7684TIFF\u56fe\u50cf\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-0206\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\n \r\nICU\u5904\u7406\u5927\u5199\u5b57\u7b26\u4e32\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u4f7f\u4f7f\u7528ICU\u7684\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-2011-0207\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\nCNCVE-20110207\r\n \r\n\u901a\u8fc7MobileMe\u8fde\u63a5\u5224\u65ad\u7528\u6237Email\u522b\u540d\u65f6\uff0c\u90ae\u4ef6\u4f1a\u901a\u8fc7HTTP\u63d0\u4ea4\u8bf7\u6c42\uff0c\u7ed3\u679c\u53ef\u5bfc\u81f4\u4e00\u4e2a\u5177\u4f53\u6709\u7279\u6743\u7f51\u7edc\u4f4d\u7f6e\u7684\u653b\u51fb\u8005\u8bfb\u53d6\u7528\u6237MobileMe email\u522b\u540d\u3002\r\nCVE-2011-0208\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\nCNCVE-20110207\r\nCNCVE-20110208\r\n \r\nQuickLook\u5904\u7406Microsoft office\u6587\u4ef6\u5b58\u5728\u5185\u5b58\u7834\u574f\uff0c\u4e0b\u8f7d\u7279\u5236\u7684Microsoft Office\u6587\u4ef6\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-0209\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\nCNCVE-20110207\r\nCNCVE-20110208\r\nCNCVE-20110209\r\n \r\nQuickTime\u5904\u7406RIFF WAV\u6587\u4ef6\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u67e5\u770b\u7279\u5236WAV\u6587\u4ef6\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-0210\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\nCNCVE-20110207\r\nCNCVE-20110208\r\nCNCVE-20110209\r\nCNCVE-20110210\r\n \r\nQuickTime\u5904\u7406QuickTime\u7535\u5f71\u6587\u4ef6\u4e2d\u7684\u793a\u4f8b\u8868\u65f6\u5b58\u5728\u5185\u5b58\u7834\u574f\uff0c\u67e5\u770b\u7279\u5236\u7535\u5f71\u6587\u4ef6\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-0211\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\nCNCVE-20110207\r\nCNCVE-20110208\r\nCNCVE-20110209\r\nCNCVE-20110210\r\nCNCVE-20110211\r\n \r\nQuickTime\u5904\u7406QuickTime\u7535\u5f71\u6587\u4ef6\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u67e5\u770b\u7279\u5236\u7535\u5f71\u6587\u4ef6\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-0212\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\nCNCVE-20110207\r\nCNCVE-20110208\r\nCNCVE-20110209\r\nCNCVE-20110210\r\nCNCVE-20110211\r\nCNCVE-20110212\r\n \r\nQuickTime\u5904\u7406PICT\u56fe\u50cf\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u67e5\u770b\u7279\u5236PICT\u56fe\u50cf\u6587\u4ef6\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-0213\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\nCNCVE-20110207\r\nCNCVE-20110208\r\nCNCVE-20110209\r\nCNCVE-20110210\r\nCNCVE-20110211\r\nCNCVE-20110212\r\nCNCVE-20110213\r\n \r\nQuickTime\u5904\u7406JPEG\u56fe\u50cf\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u67e5\u770b\u7279\u5236JPEG\u56fe\u50cf\u6587\u4ef6\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-2011-1132\uff1a\r\nCNCVE ID\uff1aCNCVE-20110196\r\nCNCVE-20110196\r\nCNCVE-20110197\r\nCNCVE-20110198\r\nCNCVE-20110199\r\nCNCVE-20110200\r\nCNCVE-20110201\r\nCNCVE-20110202\r\nCNCVE-20110203\r\nCNCVE-20110204\r\nCNCVE-20110205\r\nCNCVE-20110206\r\nCNCVE-20110207\r\nCNCVE-20110208\r\nCNCVE-20110209\r\nCNCVE-20110210\r\nCNCVE-20110211\r\nCNCVE-20110212\r\nCNCVE-20110213\r\nCNCVE-20111132\r\n \r\n\u5904\u7406IPV6\u5957\u63a5\u5b57\u9009\u9879\u5b58\u5728\u7a7a\u6307\u9488\u5f15\u7528\u9519\u8bef\uff0c\u672c\u5730\u7528\u6237\u53ef\u4f7f\u7cfb\u7edf\u91cd\u7f6e\u3002\n\nApple Mac OS X Server 10.6.6\r\n Apple Mac OS X Server 10.6.5\r\n Apple Mac OS X Server 10.6.5\r\n Apple Mac OS X Server 10.6.4\r\n Apple Mac OS X Server 10.6.3\r\n Apple Mac OS X Server 10.6.2\r\n Apple Mac OS X Server 10.6.1\r\n Apple Mac OS X Server 10.5.8\r\n Apple Mac OS X Server 10.5.7\r\n Apple Mac OS X Server 10.5.6\r\n Apple Mac OS X Server 10.5.5\r\n Apple Mac OS X Server 10.5.4\r\n Apple Mac OS X Server 10.5.3\r\n Apple Mac OS X Server 10.5.2\r\n Apple Mac OS X Server 10.5.1\r\n Apple Mac OS X Server 10.5\r\n Apple Mac Os X Server 10.6.7\r\n Apple Mac OS X Server 10.6\r\n Apple Mac OS X Server 10.5\r\n Apple Mac OS X 10.6.5\r\n Apple Mac OS X 10.6.4\r\n Apple Mac OS X 10.6.3\r\n Apple Mac OS X 10.6.2\r\n Apple Mac OS X 10.6.1\r\n Apple Mac OS X 10.5.8\r\n Apple Mac OS X 10.5.7\r\n Apple Mac OS X 10.5.6\r\n Apple Mac OS X 10.5.5\r\n Apple Mac OS X 10.5.4\r\n Apple Mac OS X 10.5.3\r\n Apple Mac OS X 10.5.2\r\n Apple Mac OS X 10.5.1\r\n Apple Mac OS X 10.5\r\n Apple Mac OS X 10.6\r\n Apple Mac OS X 10.5\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b760113a3a155269a3fba93a409c640031dd68f", "modified": "2011-06-27T00:00:00", "published": "2011-06-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20665", "id": "SSV:20665", "title": "Apple Mac OS X 10.6.8\u4e4b\u524d\u7248\u672c\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": ""}], "slackware": [{"lastseen": "2019-05-30T07:37:30", "bulletinFamily": "unix", "description": "New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/patch-2.7-i486-1_slack13.37.txz: Upgraded.\n This version of patch ignores destination filenames that are absolute or\n that contain a component of "..", unless such a filename is provided as\n an argument.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/patch-2.7-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/patch-2.7-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/patch-2.7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/patch-2.7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/patch-2.7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/patch-2.7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/patch-2.7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/patch-2.7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/patch-2.7-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/patch-2.7-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\nebe093df28fc95c594af368597bf7262 patch-2.7-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nf39f3ce8bbba509b7e266b6c8c9dcf47 patch-2.7-i486-1_slack12.1.tgz\n\nSlackware 13.0 package:\ne8404d45a3b51f8a7ad67efedfb488d9 patch-2.7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n90d8b1e9237fe5080bd56a42de14d554 patch-2.7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\nf0fdc8a64eb8051527e9854ea9adba72 patch-2.7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n60c3b0f3d1bc49b7e0140cbe65114560 patch-2.7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne70793008f94ef1f7f39b5e444bce6eb patch-2.7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n6fc457dbe6d32fd747336eb271a49c08 patch-2.7-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n95134353a77428529c66f801f405bc05 a/patch-2.7-i486-1.txz\n\nSlackware x86_64 -current package:\ne0128639a440509600c060f2cd1e0530 a/patch-2.7-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg patch-2.7-i486-1_slack13.37.txz", "modified": "2012-09-13T21:29:31", "published": "2012-09-13T21:29:31", "id": "SSA-2012-257-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.460481", "title": "patch", "type": "slackware", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "description": "### Background\n\nMySQL is a popular open-source multi-threaded, multi-user SQL database server. \n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated remote attacker may be able to execute arbitrary code with the privileges of the MySQL process, cause a Denial of Service condition, bypass security restrictions, uninstall arbitrary MySQL plugins, or conduct Man-in-the-Middle and Cross-Site Scripting attacks. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.1.56\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 14, 2011. It is likely that your system is already no longer affected by this issue.", "modified": "2012-01-05T00:00:00", "published": "2012-01-05T00:00:00", "id": "GLSA-201201-02", "href": "https://security.gentoo.org/glsa/201201-02", "type": "gentoo", "title": "MySQL: Multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T23:22:50", "bulletinFamily": "exploit", "description": "MySQL 5.1.48 'EXPLAIN' Denial Of Service Vulnerability. CVE-2010-3682. Dos exploit for linux platform", "modified": "2010-08-20T00:00:00", "published": "2010-08-20T00:00:00", "id": "EDB-ID:34506", "href": "https://www.exploit-db.com/exploits/34506/", "type": "exploitdb", "title": "MySQL <= 5.1.48 - 'EXPLAIN' Denial Of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/42599/info\r\n\r\nMySQL is prone to a denial-of-service vulnerability.\r\n\r\nAn attacker can exploit this issue to crash the database, denying access to legitimate users.\r\n\r\nThis issue affects versions prior to MySQL 5.1.49.\r\n\r\nNOTE: This issue was previously covered in BID 42594 (Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities) but has been given its own record to better document it. \r\n\r\nCREATE TABLE t1 (a VARCHAR(10), FULLTEXT KEY a (a));\r\nINSERT INTO t1 VALUES (1),(2);\r\nCREATE TABLE t2 (b INT);\r\nINSERT INTO t2 VALUES (1),(2);\r\n\r\nEXPLAIN SELECT * FROM t1 UNION SELECT * FROM t1\r\n ORDER BY (SELECT a FROM t2 WHERE b = 12);\r\n\r\nEXPLAIN SELECT * FROM t2 UNION SELECT * FROM t2\r\n ORDER BY (SELECT * FROM t1 WHERE MATCH(a) AGAINST ('+abc' IN BOOLEAN MODE));\r\n\r\nDROP TABLE t1,t2;\r\n\r\nexit;\r\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/34506/"}], "freebsd": [{"lastseen": "2019-05-29T18:34:00", "bulletinFamily": "unix", "description": "\nSubversion project reports:\n\nSubversion HTTP servers up to 1.5.9 (inclusive) or 1.6.15 (inclusive)\n\t are vulnerable to a remotely triggerable NULL-pointer dereference.\n\n", "modified": "2011-02-27T00:00:00", "published": "2011-02-27T00:00:00", "id": "E27CA763-4721-11E0-BDC4-001E8C75030D", "href": "https://vuxml.freebsd.org/freebsd/e27ca763-4721-11e0-bdc4-001e8c75030d.html", "title": "subversion -- remote HTTP DoS vulnerability", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}
