Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MARIADB_5_5_35.NASL
HistoryFeb 06, 2014 - 12:00 a.m.

MariaDB 5.5 < 5.5.35 Multiple Vulnerabilities

2014-02-0600:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

The version of MariaDB 5.5 running on the remote host is a version prior to 5.5.35. It is, therefore, potentially affected by the following vulnerabilities :

  • Errors exist related to the following subcomponents :
    Error Handling, FTS, GIS, InnoDB, Locking, Optimizer, Partition, Performance Schema, Privileges, Replication, and Thread Pooling. (CVE-2013-5860, CVE-2013-5881, CVE-2013-5891, CVE-2013-5894, CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0427, CVE-2014-0430, CVE-2014-0431, CVE-2014-0433, CVE-2014-0437)

  • An unspecified error exists related to stored procedures handling that could allow denial of service attacks. (CVE-2013-5882)

  • An error exists in the file ‘client/mysql.cc’ that could allow a buffer overflow leading to denial of service or possibly arbitrary code execution.
    (CVE-2014-0001)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(72374);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/18");

  script_cve_id(
    "CVE-2013-5908",
    "CVE-2014-0401",
    "CVE-2014-0412",
    "CVE-2014-0420",
    "CVE-2014-0437"
  );
  script_bugtraq_id(
    64849,
    64854,
    64864,
    64868,
    64873,
    64877,
    64880,
    64885,
    64888,
    64891,
    64893,
    64895,
    64896,
    64897,
    64898,
    64904,
    64908,
    65298,
    65312
  );

  script_name(english:"MariaDB 5.5 < 5.5.35 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MariaDB 5.5 running on the remote host is a version
prior to 5.5.35. It is, therefore, potentially affected by the
following vulnerabilities :

  - Errors exist related to the following subcomponents :
    Error Handling, FTS, GIS, InnoDB, Locking, Optimizer,
    Partition, Performance Schema, Privileges, Replication,
    and Thread Pooling. (CVE-2013-5860, CVE-2013-5881,
    CVE-2013-5891, CVE-2013-5894, CVE-2013-5908,
    CVE-2014-0386, CVE-2014-0393, CVE-2014-0401,
    CVE-2014-0402, CVE-2014-0412, CVE-2014-0420,
    CVE-2014-0427, CVE-2014-0430, CVE-2014-0431,
    CVE-2014-0433, CVE-2014-0437)

  - An unspecified error exists related to stored
    procedures handling that could allow denial of service
    attacks. (CVE-2013-5882)

  - An error exists in the file 'client/mysql.cc' that
    could allow a buffer overflow leading to denial of
    service or possibly arbitrary code execution.
    (CVE-2014-0001)");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-5535-changelog/");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-4974");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5353");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5356");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5396");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5405");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5406");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5453");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5458");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5461");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-5504");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB 5.5.35 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0412");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/06");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(variant:'MariaDB', fixed:'5.5.35-MariaDB', min:'5.5', severity:SECURITY_WARNING);
VendorProductVersionCPE
mariadbmariadbcpe:/a:mariadb:mariadb

Related

f5 4
nessus 35
openvas 52
debian 6
ubuntu 2
redhat 4
veracode 11
amazon 1
oraclelinux 2
centos 4
suse 1
gentoo 1
fedora 7
prion 18
cve 18
ubuntucve 18
mariadbunix 9
checkpoint_advisories 1
slackware 1
osv 2
securityvulns 1
oracle 1
f5
f5
SOL16385 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
K16385 : Multiple MySQL vulnerabilities
2015-10-09 00:00:00
SOL16389 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
nessus
nessus
MySQL 5.6.x < 5.6.14 Multiple Vulnerabilities
2014-01-15 00:00:00
Mandriva Linux Security Advisory : mariadb (MDVSA-2014:028)
2014-02-14 00:00:00
MySQL 5.6.x < 5.6.15 Multiple Vulnerabilities
2014-01-15 00:00:00
openvas
openvas
Ubuntu Update for mysql-5.5 USN-2086-1
2014-01-27 00:00:00
Debian Security Advisory DSA 2848-1 (mysql-5.5 - several vulnerabilities)
2014-01-23 00:00:00
Debian: Security Advisory (DSA-2848-1)
2014-01-22 00:00:00
debian
debian
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
[SECURITY] [DSA 2845-1] mysql-5.1 security update
2014-01-17 15:48:55
ubuntu
ubuntu
MySQL vulnerabilities
2014-01-21 00:00:00
MySQL vulnerabilities
2014-04-23 00:00:00
redhat
redhat
(RHSA-2014:0164) Moderate: mysql security and bug fix update
2014-02-12 00:00:00
(RHSA-2014:0173) Moderate: mysql55-mysql security update
2014-02-13 00:00:00
(RHSA-2014:0189) Moderate: mariadb55-mariadb security update
2014-02-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:56:40
Denial Of Service (DoS)
2019-05-02 04:56:40
Denial Of Service (DoS)
2019-05-02 04:56:40
amazon
amazon
Medium: mysql51
2014-03-06 14:56:00
oraclelinux
oraclelinux
mysql security and bug fix update
2014-02-12 00:00:00
mysql55-mysql security update
2014-02-18 00:00:00
centos
centos
mysql security update
2014-02-12 19:48:34
mariadb55 security update
2014-02-26 15:32:19
mysql55 security update
2014-02-19 17:28:37
suse
suse
Security update for MySQL (important)
2014-06-07 00:04:26
gentoo
gentoo
MySQL: Multiple vulnerabilities
2014-09-04 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mariadb-5.5.37-1.fc19
2014-04-29 05:23:30
[SECURITY] Fedora 20 Update: mariadb-5.5.37-1.fc20
2014-04-29 05:27:03
[SECURITY] Fedora 20 Update: mariadb-5.5.39-1.fc20
2014-09-10 13:30:09
prion
prion
Design/Logic Flaw
2014-01-15 16:11:00
Design/Logic Flaw
2014-01-15 16:08:00
Buffer overflow
2014-01-15 16:08:00
cve
cve
CVE-2014-0431
2014-01-15 16:08:00
CVE-2013-5881
2014-01-15 16:11:00
CVE-2013-5894
2014-01-15 16:08:00
ubuntucve
ubuntucve
CVE-2014-0431
2014-01-15 00:00:00
CVE-2013-5881
2014-01-15 00:00:00
CVE-2013-5894
2014-01-15 00:00:00
mariadbunix
mariadbunix
CVE-2013-5891
2014-01-15 16:08:00
CVE-2013-5908
2014-01-15 16:08:00
CVE-2014-0420
2014-01-15 16:08:00
checkpoint_advisories
checkpoint_advisories
Oracle MySQL Client Heap Buffer Overflow (CVE-2014-0001)
2014-03-16 00:00:00
slackware
slackware
mariadb, mysql
2014-02-19 20:24:35
osv
osv
mysql-5.1 - security update
2014-10-22 00:00:00
mysql-5.5 - security update
2014-05-03 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
2014-05-05 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
JSON
Related for MARIADB_5_5_35.NASL
f54nessus35openvas52debian6ubuntu2redhat4veracode11amazon1oraclelinux2centos4suse1gentoo1fedora7prion18cve18ubuntucve18mariadbunix9checkpoint_advisories1slackware1osv2securityvulns1oracle1