Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.MARIADB_5_5_23.NASLHistoryNov 18, 2022 - 12:00 a.m.
MariaDB 5.5.0 < 5.5.23 Multiple Vulnerabilities
2022-11-1800:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
The version of MariaDB installed on the remote host is prior to 5.5.23. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-5-5-23-release-notes advisory.
-
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
(CVE-2012-1689) -
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a Security Fix, aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility. (CVE-2012-2750)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(167899);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/18");
script_cve_id("CVE-2012-1689", "CVE-2012-2750");
script_name(english:"MariaDB 5.5.0 < 5.5.23 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of MariaDB installed on the remote host is prior to 5.5.23. It is, therefore, affected by multiple
vulnerabilities as referenced in the mariadb-5-5-23-release-notes advisory.
- Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote
authenticated users to affect availability via unknown vectors related to Server Optimizer.
(CVE-2012-1689)
- Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a
Security Fix, aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816,
Oracle has not commented on this possibility. (CVE-2012-2750)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-5-5-23-release-notes");
script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 5.5.23 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2750");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
script_set_attribute(attribute:"patch_publication_date", value:"2012/04/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/18");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mysql_version.nasl", "mysql_login.nasl", "mariadb_nix_installed.nbin", "mariadb_win_installed.nbin");
script_require_keys("installed_sw/MariaDB");
exit(0);
}
include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'MariaDB');
if (!(app_info.local) && report_paranoia < 2)
audit(AUDIT_POTENTIAL_VULN, 'MariaDB');
vcf::check_all_backporting(app_info:app_info);
var constraints = [
{ 'min_version' : '5.5', 'fixed_version' : '5.5.23' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Related
cvelist
cvelist
CVE-2012-2750
2012-08-17 00:00:00
CVE-2012-1689
2012-07-17 22:00:00
nessus
nessus
MySQL 5.5 < 5.5.23 Multiple Unspecified Vulnerabilities
2012-07-13 00:00:00
Debian DSA-2780-1 : mysql-5.1 - several vulnerabilities
2013-10-20 00:00:00
MySQL 5.1 < 5.1.71 Server Optimizer Denial of Service
2013-10-16 00:00:00
ubuntucve
ubuntucve
CVE-2012-2750
2012-06-11 00:00:00
CVE-2012-1689
2012-07-17 00:00:00
prion
prion
Code injection
2012-08-17 00:55:00
Design/Logic Flaw
2012-07-17 22:55:00
cve
cve
CVE-2012-2750
2012-08-17 00:55:03
CVE-2012-1689
2012-07-17 22:55:01
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:40:59
Denial Of Service (DoS)
2019-05-02 04:41:01
Denial Of Service (DoS)
2019-05-02 04:40:59
openvas
openvas
Oracle MySQL Server <= 5.1.62 / 5.4.x <= 5.5.22 Security Update (cpujul2012) - Windows
2021-03-18 00:00:00
Oracle MySQL Server <= 5.1.62 / 5.4.x <= 5.5.22 Security Update (cpujul2012) - Linux
2021-03-18 00:00:00
Debian Security Advisory DSA 2780-1 (mysql-5.1 - several vulnerabilities)
2013-10-18 00:00:00
debian
debian
[SECURITY] [DSA 2780-1] mysql-5.1 security update
2013-10-18 13:50:52
oraclelinux
oraclelinux
mysql security update
2012-11-14 00:00:00
centos
centos
mysql security update
2012-11-15 03:44:02
redhat
redhat
(RHSA-2012:1462) Important: mysql security update
2012-11-14 00:00:00
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
Related for MARIADB_5_5_23.NASL