Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.MARIADB_5_5_40.NASL
HistoryNov 18, 2022 - 12:00 a.m.

MariaDB 5.5.0 < 5.5.40 Multiple Vulnerabilities

2022-11-1800:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

The version of MariaDB installed on the remote host is prior to 5.5.40. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-5-5-40-release-notes advisory.

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
    (CVE-2014-6464)

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. (CVE-2014-6469)

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500. (CVE-2014-6491)

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496. (CVE-2014-6494)

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494. (CVE-2014-6496)

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491. (CVE-2014-6500)

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. (CVE-2014-6507)

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. (CVE-2014-6555)

  • Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. (CVE-2014-6559)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(167895);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/18");

  script_cve_id(
    "CVE-2014-6464",
    "CVE-2014-6469",
    "CVE-2014-6491",
    "CVE-2014-6494",
    "CVE-2014-6496",
    "CVE-2014-6500",
    "CVE-2014-6507",
    "CVE-2014-6555",
    "CVE-2014-6559"
  );

  script_name(english:"MariaDB 5.5.0 < 5.5.40 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MariaDB installed on the remote host is prior to 5.5.40. It is, therefore, affected by multiple
vulnerabilities as referenced in the mariadb-5-5-40-release-notes advisory.

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote
    authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
    (CVE-2014-6464)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote
    authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. (CVE-2014-6469)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote
    attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL,
    a different vulnerability than CVE-2014-6500. (CVE-2014-6491)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote
    attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than
    CVE-2014-6496. (CVE-2014-6494)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote
    attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than
    CVE-2014-6494. (CVE-2014-6496)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote
    attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL,
    a different vulnerability than CVE-2014-6491. (CVE-2014-6500)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote
    authenticated users to affect confidentiality, integrity, and availability via vectors related to
    SERVER:DML. (CVE-2014-6507)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote
    authenticated users to affect confidentiality, integrity, and availability via vectors related to
    SERVER:DML. (CVE-2014-6555)

  - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote
    attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. (CVE-2014-6559)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-5-5-40-release-notes");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 5.5.40 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-6500");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/18");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl", "mariadb_nix_installed.nbin", "mariadb_win_installed.nbin");
  script_require_keys("installed_sw/MariaDB");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'MariaDB');

if (!(app_info.local) && report_paranoia < 2)
  audit(AUDIT_POTENTIAL_VULN, 'MariaDB');

vcf::check_all_backporting(app_info:app_info);

var constraints = [
  { 'min_version' : '5.5', 'fixed_version' : '5.5.40' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
mariadbmariadbcpe:/a:mariadb:mariadb

Related

mageia 1
openvas 24
slackware 1
nessus 24
gentoo 1
ibm 1
amazon 1
mariadbunix 9
ubuntucve 9
cve 9
debian 2
ubuntu 1
prion 9
debiancve 4
osv 1
f5 2
suse 3
redhat 6
veracode 5
oraclelinux 2
centos 2
fedora 1
securityvulns 1
oracle 1
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2014-10-26 00:23:09
openvas
openvas
Oracle MySQL Server <= 5.5.39 / 5.6 <= 5.6.20 Security Update (cpuoct2014) - Linux
2016-06-03 00:00:00
Mageia: Security Advisory (MGASA-2014-0424)
2022-01-28 00:00:00
Slackware: Security Advisory (SSA:2014-307-01)
2022-04-21 00:00:00
slackware
slackware
[slackware-security] mariadb
2014-11-04 01:25:07
nessus
nessus
GLSA-201411-02 : MySQL, MariaDB: Multiple vulnerabilities
2014-11-06 00:00:00
Slackware 14.1 / current : mariadb (SSA:2014-307-01)
2014-11-04 00:00:00
MariaDB 10.0.0 < 10.0.15 Multiple Vulnerabilities
2019-09-26 00:00:00
gentoo
gentoo
MySQL, MariaDB: Multiple vulnerabilities
2014-11-05 00:00:00
ibm
ibm
Security Bulletin: InfoSphere Guardium Database Activity Monitoring vulnerable to multiple Oracle MySQL vulnerabilties
2018-06-16 21:28:16
amazon
amazon
Important: mysql55
2014-10-16 22:14:00
mariadbunix
mariadbunix
CVE-2014-6496
2014-10-15 22:55:00
CVE-2014-6500
2014-10-15 22:55:00
CVE-2014-6494
2014-10-15 22:55:00
ubuntucve
ubuntucve
CVE-2014-6496
2014-10-15 00:00:00
CVE-2014-6500
2014-10-15 00:00:00
CVE-2014-6491
2014-10-15 00:00:00
cve
cve
CVE-2014-6491
2014-10-15 22:55:00
CVE-2014-6496
2014-10-15 22:55:00
CVE-2014-6500
2014-10-15 22:55:00
debian
debian
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 16:19:38
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 15:27:13
ubuntu
ubuntu
MySQL vulnerabilities
2014-10-15 00:00:00
prion
prion
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
debiancve
debiancve
CVE-2014-6496
2014-10-15 22:55:00
CVE-2014-6494
2014-10-15 22:55:00
CVE-2014-6491
2014-10-15 22:55:00
osv
osv
mysql-5.5 - security update
2014-10-20 00:00:00
f5
f5
K15725 : Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
suse
suse
Security update for MariaDB (important)
2015-07-09 17:08:05
Security update for MySQL (important)
2015-03-28 01:04:56
Security update for mariadb (important)
2015-04-21 19:05:04
redhat
redhat
(RHSA-2014:1862) Important: mariadb55-mariadb security update
2014-11-17 00:00:00
(RHSA-2014:1860) Important: mysql55-mysql security update
2014-11-17 00:00:00
(RHSA-2014:1940) Important: mariadb-galera security update
2014-12-02 16:44:45
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:50
Arbitrary Code Execution
2019-05-02 05:04:50
Information Disclosure
2019-05-02 05:04:51
oraclelinux
oraclelinux
mysql55-mysql security update
2014-11-17 00:00:00
mariadb security update
2014-11-17 00:00:00
centos
centos
mariadb security update
2014-11-17 17:32:07
mysql55 security update
2014-11-17 17:35:05
fedora
fedora
[SECURITY] Fedora 20 Update: mariadb-5.5.40-1.fc20
2014-12-12 04:25:50
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2014-11-03 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
JSON
Related for MARIADB_5_5_40.NASL
mageia1openvas24slackware1nessus24gentoo1ibm1amazon1mariadbunix9ubuntucve9cve9debian2ubuntu1prion9debiancve4osv1f52suse3redhat6veracode5oraclelinux2centos2fedora1securityvulns1oracle1