Lucene search
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.MARIADB_5_5_39.NASLHistorySep 26, 2019 - 12:00 a.m.
MariaDB 5.5.0 < 5.5.39 Multiple Vulnerabilities
2019-09-2600:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
The version of MariaDB installed on the remote host is prior to 5.5.39. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-5539-release-notes advisory. These vulnerabilites relate to errors in the following components:
- CLIENT:MYSQLADMIN
- CLIENT:MYSQLDUMP
- SERVER:CHARACTER SETS
- SERVER:DDL
- SERVER:DML
- SERVER:MEMORY STORAGE ENGINE
- SERVER:MyISAM
- SERVER:PRIVILEGES AUTHENTICATION PLUGIN API
- SERVER:REPLICATION ROW FORMAT BINARY LOG DML
- SERVER:SSL:yaSSL
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(129354);
script_version("1.4");
script_cvs_date("Date: 2019/10/31 15:18:51");
script_cve_id(
"CVE-2014-4274",
"CVE-2014-4287",
"CVE-2014-6463",
"CVE-2014-6478",
"CVE-2014-6484",
"CVE-2014-6495",
"CVE-2014-6505",
"CVE-2014-6520",
"CVE-2014-6530",
"CVE-2014-6551",
"CVE-2015-0391"
);
script_bugtraq_id(
69732,
70455,
70462,
70486,
70489,
70496,
70510,
70516,
70517,
70532,
72205
);
script_name(english:"MariaDB 5.5.0 < 5.5.39 Multiple Vulnerabilities");
script_summary(english:"Checks the version of MariaDB.");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of MariaDB installed on the remote host is prior to 5.5.39. It is, therefore, affected by multiple
vulnerabilities as referenced in the mariadb-5539-release-notes advisory. These vulnerabilites relate to errors in the
following components:
- CLIENT:MYSQLADMIN
- CLIENT:MYSQLDUMP
- SERVER:CHARACTER SETS
- SERVER:DDL
- SERVER:DML
- SERVER:MEMORY STORAGE ENGINE
- SERVER:MyISAM
- SERVER:PRIVILEGES AUTHENTICATION PLUGIN API
- SERVER:REPLICATION ROW FORMAT BINARY LOG DML
- SERVER:SSL:yaSSL
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-5539-release-notes");
script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 5.5.39 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-6530");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/15");
script_set_attribute(attribute:"patch_publication_date", value:"2014/08/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/26");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mysql_version.nasl", "mysql_login.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/mysql", 3306);
exit(0);
}
include('mysql_version.inc');
mysql_check_version(variant: 'MariaDB', min:'5.5.0-MariaDB', fixed:make_list('5.5.39-MariaDB'), severity:SECURITY_WARNING);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391
mariadb.com/kb/en/mariadb-5539-release-notes
Related
nessus
nessus
MySQL 5.5.x < 5.5.39 Multiple Vulnerabilities (October 2014 CPU)
2014-09-12 00:00:00
Fedora 20 : mariadb-galera-5.5.40-2.fc20 (2014-14791)
2014-12-03 00:00:00
MySQL 5.6.x < 5.6.20 Multiple Vulnerabilities (October 2014 CPU)
2014-09-12 00:00:00
openvas
openvas
Fedora Update for mariadb-galera FEDORA-2014-14791
2014-12-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mariadb-galera-5.5.40-2.fc20
2014-12-03 01:02:24
[SECURITY] Fedora 20 Update: mariadb-5.5.40-1.fc20
2014-12-12 04:25:50
ubuntu
ubuntu
MySQL vulnerabilities
2014-10-15 00:00:00
debian
debian
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 15:27:13
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 16:19:38
[SECURITY] [DLA 75-1] mysql-5.1 security update
2014-10-22 06:46:51
osv
osv
mysql-5.5 - security update
2014-10-20 00:00:00
mysql-5.1 - security update
2014-10-22 00:00:00
f5
f5
SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
K15725 : Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
K16355 : Multiple MySQL vulnerabilities
2015-10-06 00:00:00
redhat
redhat
(RHSA-2014:1937) Important: mariadb-galera security update
2014-12-02 16:39:58
(RHSA-2014:1940) Important: mariadb-galera security update
2014-12-02 16:44:45
(RHSA-2014:1862) Important: mariadb55-mariadb security update
2014-11-17 00:00:00
oraclelinux
oraclelinux
mysql55-mysql security update
2014-11-17 00:00:00
mariadb security update
2014-11-17 00:00:00
mariadb security update
2015-02-03 00:00:00
centos
centos
mariadb security update
2014-11-17 17:32:07
mysql55 security update
2014-11-17 17:35:05
mariadb security update
2015-02-05 16:54:20
suse
suse
Security update for MySQL (important)
2015-03-28 01:04:56
Security update for mariadb (important)
2015-04-21 19:05:04
prion
prion
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
mariadbunix
mariadbunix
cvelist
cvelist
ubuntucve
ubuntucve
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:04:51
Denial Of Service (DoS)
2019-05-02 05:04:50
Information Disclosure
2019-05-02 05:04:51
cve
cve
debiancve
debiancve
CVE-2014-6495
2014-10-15 22:55:00
CVE-2014-6478
2014-10-15 15:55:00
mageia
mageia
Updated mariadb packages fix CVE-2014-4274
2014-09-15 14:36:30
ibm
ibm
gentoo
gentoo
MySQL and MariaDB: Multiple vulnerabilities
2015-04-11 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2014-11-03 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-01-25 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Related for MARIADB_5_5_39.NASL