MiracleLinux 7 : mysql55-mysql-5.5.50-1.el7 (AXSA:2016-579:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2016-579:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289356);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id(
    "CVE-2015-4792",
    "CVE-2015-4802",
    "CVE-2015-4815",
    "CVE-2015-4826",
    "CVE-2015-4830",
    "CVE-2015-4836",
    "CVE-2015-4858",
    "CVE-2015-4861",
    "CVE-2015-4870",
    "CVE-2015-4913",
    "CVE-2016-0505",
    "CVE-2016-0546",
    "CVE-2016-0596",
    "CVE-2016-0597",
    "CVE-2016-0598",
    "CVE-2016-0600",
    "CVE-2016-0606",
    "CVE-2016-0608",
    "CVE-2016-0609",
    "CVE-2016-0616",
    "CVE-2016-0640",
    "CVE-2016-0641",
    "CVE-2016-0642",
    "CVE-2016-0643",
    "CVE-2016-0644",
    "CVE-2016-0646",
    "CVE-2016-0647",
    "CVE-2016-0648",
    "CVE-2016-0649",
    "CVE-2016-0650",
    "CVE-2016-0651",
    "CVE-2016-0666",
    "CVE-2016-2047",
    "CVE-2016-3452",
    "CVE-2016-3471",
    "CVE-2016-3477",
    "CVE-2016-3521",
    "CVE-2016-3615",
    "CVE-2016-5440",
    "CVE-2016-5444"
  );

  script_name(english:"MiracleLinux 7 : mysql55-mysql-5.5.50-1.el7 (AXSA:2016-579:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2016-579:01 advisory.

    Security issues fixed with this release:
    CVE-2015-4792
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
    and 5.6.26 and earlier allows remote authenticated users to affect
    availability via unknown vectors related to Server : Partition, a
    different vulnerability than CVE-2015-4802.
    CVE-2015-4802
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
    and 5.6.26 and earlier allows remote authenticated users to affect
    availability via unknown vectors related to Server : Partition, a
    different vulnerability than CVE-2015-4792.
    CVE-2015-4815
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
    and 5.6.26 and earlier allows remote authenticated users to affect
    availability via vectors related to Server : DDL.
    CVE-2015-4826
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
    and 5.6.26 and earlier allows remote authenticated users to affect
    confidentiality via unknown vectors related to Server : Types.
    CVE-2015-4830
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
    and 5.6.26 and earlier allows remote authenticated users to affect
    integrity via unknown vectors related to Server : Security :
    Privileges.
    CVE-2015-4836
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
    and 5.6.26 and earlier, allows remote authenticated users to affect
    availability via unknown vectors related to Server : SP.
    CVE-2015-4858
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
    and 5.6.26 and earlier, allows remote authenticated users to affect
    availability via vectors related to DML, a different vulnerability
    than CVE-2015-4913.
    CVE-2015-4861
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
    and 5.6.26 and earlier, allows remote authenticated users to affect
    availability via unknown vectors related to Server : InnoDB.
    CVE-2015-4870
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
    and 5.6.26 and earlier, allows remote authenticated users to affect
    availability via unknown vectors related to Server : Parser.
    CVE-2015-4913
    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
    and 5.6.26 and earlier allows remote authenticated users to affect
    availability via vectors related to Server : DML, a different
    vulnerability than CVE-2015-4858.
    CVE-2016-0505
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
    and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
    10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
    to affect availability via unknown vectors related to Options.
    CVE-2016-0546
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
    and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
    10.0.23, and 10.1.x before 10.1.10 allows local users to affect
    confidentiality, integrity, and availability via unknown vectors
    related to Client.  NOTE: the previous information is from the January
    2016 CPU. Oracle has not commented on third-party claims that these
    are multiple buffer overflows in the mysqlshow tool that allow remote
    database servers to have unspecified impact via a long table or
    database name.
    CVE-2016-0596
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and
    5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23,
    and 10.1.x before 10.1.10 allows remote authenticated users to affect
    availability via vectors related to DML.
    CVE-2016-0597
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
    and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
    10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
    to affect availability via unknown vectors related to Optimizer.
    CVE-2016-0598
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
    and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
    10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
    to affect availability via vectors related to DML.
    CVE-2016-0600
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
    and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
    10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
    to affect availability via unknown vectors related to InnoDB.
    CVE-2016-0606
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
    and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
    10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
    to affect integrity via unknown vectors related to encryption.
    CVE-2016-0608
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
    and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
    10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
    to affect availability via vectors related to UDF.
    CVE-2016-0609
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
    and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
    10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
    to affect availability via unknown vectors related to privileges.
    CVE-2016-0616
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and
    MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before
    10.1.10 allows remote authenticated users to affect availability via
    unknown vectors related to Optimizer.
    CVE-2016-0640
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28
    and earlier, and 5.7.10 and earlier allows local users to affect
    integrity and availability via vectors related to DML.
    CVE-2016-0641
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28
    and earlier, and 5.7.10 and earlier allows local users to affect
    confidentiality and availability via vectors related to MyISAM.
    CVE-2016-0642
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29
    and earlier, and 5.7.11 and earlier allows local users to affect
    integrity and availability via vectors related to Federated.
    CVE-2016-0643
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29
    and earlier, and 5.7.11 and earlier allows local users to affect
    confidentiality via vectors related to DML.
    CVE-2016-0644
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28
    and earlier, and 5.7.10 and earlier allows local users to affect
    availability via vectors related to DDL.
    CVE-2016-0646
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28
    and earlier, and 5.7.10 and earlier allows local users to affect
    availability via vectors related to DML.
    CVE-2016-0647
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29
    and earlier, and 5.7.11 and earlier allows local users to affect
    availability via vectors related to FTS.
    CVE-2016-0648
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29
    and earlier, and 5.7.11 and earlier allows local users to affect
    availability via vectors related to PS.
    CVE-2016-0649
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28
    and earlier, and 5.7.10 and earlier allows local users to affect
    availability via vectors related to PS.
    CVE-2016-0650
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28
    and earlier, and 5.7.10 and earlier allows local users to affect
    availability via vectors related to Replication.
    CVE-2016-0651
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    local users to affect availability via vectors related to Optimizer.
    CVE-2016-0666
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29
    and earlier, and 5.7.11 and earlier allows local users to affect
    availability via vectors related to Security: Privileges.
    CVE-2016-2047
    The ssl_verify_server_cert function in sql-common/client.c in MariaDB
    before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10;
    Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and
    earlier; and Percona Server do not properly verify that the server
    hostname matches a domain name in the subject's Common Name (CN) or
    subjectAltName field of the X.509 certificate, which allows
    man-in-the-middle attackers to spoof SSL servers via a /CN= string
    in a field in a certificate, as demonstrated by
    /OU=/CN=bar.com/CN=foo.com.
    CVE-2016-3452
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29
    and earlier, and 5.7.10 and earlier allows remote attackers to affect
    confidentiality via vectors related to Server: Security: Encryption.
    CVE-2016-3471
    Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and
    5.6.26 and earlier allows local users to affect confidentiality,
    integrity, and availability via vectors related to Server: Option.
    CVE-2016-3477
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30
    and earlier, and 5.7.12 and earlier allows local users to affect
    confidentiality, integrity, and availability via vectors related to
    Server: Parser.
    CVE-2016-3521
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30
    and earlier, and 5.7.12 and earlier allows remote authenticated users
    to affect availability via vectors related to Server: Types.
    CVE-2016-3615
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30
    and earlier, and 5.7.12 and earlier allows remote authenticated users
    to affect availability via vectors related to Server: DML.
    CVE-2016-5440
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30
    and earlier, and 5.7.12 and earlier allows remote administrators to
    affect availability via vectors related to Server: RBR.
    CVE-2016-5444
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29
    and earlier, and 5.7.11 and earlier allows remote attackers to affect
    confidentiality via vectors related to Server: Connection.
    The following packages have been upgraded to a newer upstream version: mysql55-mysql (5.5.50).

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/7011");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0546");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2016-3477");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql55-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql55-mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql55-mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql55-mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql55-mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mysql55-mysql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^7([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '7',
    'pkgs': [
      {'reference':'mysql55-mysql-5.5.50-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'mysql55-mysql-bench-5.5.50-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'mysql55-mysql-devel-5.5.50-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'mysql55-mysql-libs-5.5.50-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'mysql55-mysql-server-5.5.50-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'mysql55-mysql-test-5.5.50-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql55-mysql / mysql55-mysql-bench / mysql55-mysql-devel / etc');
}