Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2015-091.NASL
HistoryMar 30, 2015 - 12:00 a.m.

Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)

2015-03-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
8

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.065 Low

EPSS

Percentile

93.8%

JSON

This update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities.

Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2015:091. 
# The text itself is copyright (C) Mandriva S.A.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82344);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-5615", "CVE-2013-5908", "CVE-2014-0384", "CVE-2014-0401", "CVE-2014-0412", "CVE-2014-0420", "CVE-2014-0437", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6478", "CVE-2014-6484", "CVE-2014-6491", "CVE-2014-6494", "CVE-2014-6495", "CVE-2014-6496", "CVE-2014-6500", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0391", "CVE-2015-0411", "CVE-2015-0432");
  script_xref(name:"MDVSA", value:"2015:091");

  script_name(english:"Mandriva Linux Security Advisory : mariadb (MDVSA-2015:091)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update provides MariaDB 5.5.42, which fixes several security
issues and other bugs. Please refer to the Oracle Critical Patch
Update Advisories and the Release Notes for MariaDB for further
information regarding the security vulnerabilities.

Additionally the jemalloc packages is being provided as it was
previousely provided with the mariadb source code, built and used but
removed from the mariadb source code since 5.5.40."
  );
  # http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ef1fc2a6"
  );
  # http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?17c46362"
  );
  # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?75c6cafb"
  );
  # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1ada40cc"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5535-release-notes/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5536-release-notes/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5537-release-notes/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5538-release-notes/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5539-release-notes/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5540-release-notes/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5541-release-notes/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://mariadb.com/kb/en/library/mariadb-5542-release-notes/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64jemalloc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64jemalloc1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb-embedded18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mariadb18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-common-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-feedback");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mariadb-obsolete");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mysql-MariaDB");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64jemalloc-devel-3.6.0-2.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64jemalloc1-3.6.0-2.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-devel-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-embedded-devel-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb-embedded18-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64mariadb18-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-bench-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-client-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-common-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-common-core-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-core-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-extra-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-feedback-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mariadb-obsolete-5.5.42-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"mysql-MariaDB-5.5.42-1.mbs2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64jemalloc-develp-cpe:/a:mandriva:linux:lib64jemalloc-devel
mandrivalinuxlib64jemalloc1p-cpe:/a:mandriva:linux:lib64jemalloc1
mandrivalinuxlib64mariadb-develp-cpe:/a:mandriva:linux:lib64mariadb-devel
mandrivalinuxlib64mariadb-embedded-develp-cpe:/a:mandriva:linux:lib64mariadb-embedded-devel
mandrivalinuxlib64mariadb-embedded18p-cpe:/a:mandriva:linux:lib64mariadb-embedded18
mandrivalinuxlib64mariadb18p-cpe:/a:mandriva:linux:lib64mariadb18
mandrivalinuxmariadbp-cpe:/a:mandriva:linux:mariadb
mandrivalinuxmariadb-benchp-cpe:/a:mandriva:linux:mariadb-bench
mandrivalinuxmariadb-clientp-cpe:/a:mandriva:linux:mariadb-client
mandrivalinuxmariadb-commonp-cpe:/a:mandriva:linux:mariadb-common
Rows per page:
1-10 of 171

References

Related

openvas 63
osv 3
debian 8
nessus 67
redhat 13
centos 6
ubuntu 4
f5 3
oraclelinux 5
fedora 10
ibm 1
gentoo 2
veracode 5
suse 2
slackware 2
mageia 3
amazon 2
openvas
openvas
Ubuntu: Security Advisory (USN-2384-1)
2014-10-16 00:00:00
Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)
2014-10-20 00:00:00
CentOS Update for mariadb CESA-2014:1861 centos7
2014-11-18 00:00:00
osv
osv
mysql-5.5 - security update
2014-10-20 00:00:00
mysql-5.5 - security update
2014-05-03 00:00:00
mysql-5.5 - security update
2015-01-23 00:00:00
debian
debian
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 15:27:13
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 15:27:13
[SECURITY] [DSA 3135-1] mysql-5.5 security update
2015-01-23 16:16:51
nessus
nessus
Oracle Linux 7 : mariadb (ELSA-2014-1861)
2014-11-21 00:00:00
Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)
2014-11-21 00:00:00
CentOS 7 : mariadb (CESA-2014:1861)
2014-11-18 00:00:00
redhat
redhat
(RHSA-2014:1861) Important: mariadb security update
2014-11-17 00:00:00
(RHSA-2014:1862) Important: mariadb55-mariadb security update
2014-11-17 00:00:00
(RHSA-2014:1859) Important: mysql55-mysql security update
2014-11-17 00:00:00
centos
centos
mysql55 security update
2014-11-17 17:35:05
mariadb security update
2014-11-17 17:32:07
mariadb55 security update
2014-05-21 17:57:10
ubuntu
ubuntu
MySQL vulnerabilities
2014-10-15 00:00:00
MySQL vulnerabilities
2015-01-22 00:00:00
MySQL vulnerabilities
2014-04-23 00:00:00
f5
f5
SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
K15725 : Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
SOL16355 - Multiple MySQL vulnerabilities
2015-04-03 00:00:00
oraclelinux
oraclelinux
mysql55-mysql security update
2014-11-17 00:00:00
mariadb security update
2014-11-17 00:00:00
mariadb security update
2015-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mariadb-galera-5.5.40-2.fc20
2014-12-03 01:02:24
[SECURITY] Fedora 20 Update: mariadb-5.5.40-1.fc20
2014-12-12 04:25:50
[SECURITY] Fedora 20 Update: community-mysql-5.5.41-1.fc20
2015-02-15 03:25:22
ibm
ibm
Security Bulletin: InfoSphere Guardium Database Activity Monitoring vulnerable to multiple Oracle MySQL vulnerabilties
2018-06-16 21:28:16
gentoo
gentoo
MySQL, MariaDB: Multiple vulnerabilities
2014-11-05 00:00:00
MySQL and MariaDB: Multiple vulnerabilities
2015-04-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:58:13
Unauthorized Access
2019-05-02 04:58:14
Denial Of Service (DoS)
2019-05-02 04:58:13
suse
suse
Security update for MySQL (important)
2015-03-28 01:04:56
Security update for mariadb (important)
2015-04-21 19:05:04
slackware
slackware
[slackware-security] mariadb
2014-11-04 01:25:07
[slackware-security] mariadb
2014-06-01 21:04:10
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2014-10-26 00:23:09
Updated mariadb packages fix security vulnerabilities
2014-05-24 11:23:00
Updated mariadb package fixes security vulnerabilities
2014-07-26 16:49:23
amazon
amazon
Medium: mysql55
2014-04-25 15:48:00
Important: mysql55
2014-10-16 22:14:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.065 Low

EPSS

Percentile

93.8%

JSON
Related for MANDRIVA_MDVSA-2015-091.NASL
openvas63osv3debian8nessus67redhat13centos6ubuntu4f53oraclelinux5fedora10ibm1gentoo2veracode5suse2slackware2mageia3amazon2