MariaDB 5.5.0 < 5.5.22 Multiple Vulnerabilities - Remote Code Executio
Reporter | Title | Published | Views | Family All 63 |
---|---|---|---|---|
OpenVAS | MySQL Server Components Multiple Unspecified Vulnerabilities | 23 Nov 201700:00 | – | openvas |
OpenVAS | MySQL Server Components Multiple Unspecified Vulnerabilities | 4 Jun 201300:00 | – | openvas |
OpenVAS | Debian Security Advisory DSA 2496-1 (mysql-5.1) | 10 Aug 201200:00 | – | openvas |
OpenVAS | Amazon Linux: Security Advisory (ALAS-2012-141) | 8 Sep 201500:00 | – | openvas |
OpenVAS | MySQL Server Component Partition Unspecified Vulnerability | 23 Nov 201700:00 | – | openvas |
OpenVAS | MySQL Server Component Partition Unspecified Vulnerability | 4 Jun 201300:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-2496-1) | 10 Aug 201200:00 | – | openvas |
OpenVAS | RedHat Update for mysql RHSA-2012:1462-01 | 15 Nov 201200:00 | – | openvas |
OpenVAS | CentOS Update for mysql CESA-2012:1462 centos6 | 15 Nov 201200:00 | – | openvas |
OpenVAS | CentOS Update for mysql CESA-2012:1462 centos6 | 15 Nov 201200:00 | – | openvas |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(167863);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/14");
script_cve_id(
"CVE-2012-1688",
"CVE-2012-1690",
"CVE-2012-1697",
"CVE-2012-1703"
);
script_name(english:"MariaDB 5.5.0 < 5.5.22 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of MariaDB installed on the remote host is prior to 5.5.22. It is, therefore, affected by multiple
vulnerabilities as referenced in the mariadb-5-5-22-release-notes advisory.
- Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and
earlier, allows remote authenticated users to affect availability, related to Server DML. (CVE-2012-1688)
- Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and
earlier, allows remote authenticated users to affect availability via unknown vectors related to Server
Optimizer, a different vulnerability than CVE-2012-1703. (CVE-2012-1690)
- Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote
authenticated users to affect availability via unknown vectors related to Partition. (CVE-2012-1697)
- Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and
earlier, allows remote authenticated users to affect availability via unknown vectors related to Server
Optimizer, a different vulnerability than CVE-2012-1690. (CVE-2012-1703)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-5-5-22-release-notes");
script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 5.5.22 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1703");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/17");
script_set_attribute(attribute:"patch_publication_date", value:"2012/03/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/18");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mysql_version.nasl", "mysql_login.nasl", "mariadb_nix_installed.nbin", "mariadb_win_installed.nbin");
script_require_keys("installed_sw/MariaDB");
exit(0);
}
include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'MariaDB');
if (!(app_info.local) && report_paranoia < 2)
audit(AUDIT_POTENTIAL_VULN, 'MariaDB');
vcf::check_all_backporting(app_info:app_info);
var constraints = [
{ 'min_version' : '5.5', 'fixed_version' : '5.5.22' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo