Lucene search
This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_5_51_RPM.NASLHistoryAug 17, 2016 - 12:00 a.m.
MySQL 5.5.x < 5.5.51 Multiple Vulnerabilities
2016-08-1700:00:00
This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.004
Percentile
74.4%
The version of MySQL running on the remote host is 5.5.x prior to 5.5.51. It is, therefore, affected by the multiple denial of service vulnerabilities:
-
An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612)
-
A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(93001);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03");
script_cve_id("CVE-2016-5612");
script_name(english:"MySQL 5.5.x < 5.5.51 Multiple Vulnerabilities");
script_summary(english:"Checks the version of MySQL server.");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple denial of service
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.5.x prior to
5.5.51. It is, therefore, affected by the multiple denial of service
vulnerabilities:
- An unspecified flaw exists in the DML subcomponent that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2016-5612)
- A denial of service vulnerability exists in the
NAME_CONST() function when handling certain unspecified
arguments. An authenticated, remote attacker can exploit
this to cause the server to exit.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
# http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html");
# https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453a538d");
script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.5.51 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5612");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/29");
script_set_attribute(attribute:"patch_publication_date", value:"2016/07/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/17");
script_set_attribute(attribute:"agent", value:"unix");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");
exit(0);
}
include("mysql_version.inc");
fix_version = "5.5.51";
exists_version = "5.5";
mysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);
Related
openvas
openvas
Oracle MySQL Server <= 5.5.50 / 5.6 <= 5.6.31 / 5.7 <= 5.7.13 Security Update (cpuoct2016) - Linux
2016-10-19 00:00:00
Oracle MySQL Server <= 5.5.50 / 5.6 <= 5.6.31 / 5.7 <= 5.7.13 Security Update (cpuoct2016) - Windows
2016-10-19 00:00:00
openSUSE: Security Advisory for mariadb (openSUSE-SU-2016:2746-1)
2016-11-14 00:00:00
mariadbunix
mariadbunix
CVE-2016-5612
2016-10-25 14:31:00
nvd
nvd
CVE-2016-5612
2016-10-25 14:31:26
ubuntucve
ubuntucve
CVE-2016-5612
2016-10-25 00:00:00
redhatcve
redhatcve
CVE-2016-5612
2019-10-16 06:02:29
prion
prion
Design/Logic Flaw
2016-10-25 14:31:00
veracode
veracode
Denial Of Service
2019-05-02 05:46:20
cvelist
cvelist
CVE-2016-5612
2016-10-25 14:00:00
nessus
nessus
MySQL 5.5.x < 5.5.51 Multiple DoS
2016-08-17 00:00:00
MariaDB 5.5.x < 5.5.51 Multiple Vulnerabilities
2016-09-20 00:00:00
MariaDB 10.0.x < 10.0.27 Multiple Vulnerabilities
2016-09-20 00:00:00
cve
cve
CVE-2016-5612
2016-10-25 14:31:26
suse
suse
Security update for mariadb (important)
2016-11-08 18:07:29
Security update for mysql-community-server (important)
2016-11-12 15:04:50
Security update for mysql-community-server (important)
2016-11-10 17:08:28
ibm
ibm
Security Bulletin: Vulnerabilities in mariadb affect PowerKVM
2018-06-18 01:34:53
redhat
redhat
(RHSA-2016:2595) Important: mariadb security and bug fix update
2016-11-03 06:07:15
(RHSA-2016:2131) Important: mariadb55-mariadb security update
2016-10-31 22:00:47
(RHSA-2016:2130) Important: mysql55-mysql security update
2016-10-31 19:33:48
oraclelinux
oraclelinux
mariadb security and bug fix update
2016-11-09 00:00:00
centos
centos
mariadb security update
2016-11-25 16:00:08
gentoo
gentoo
MariaDB and MySQL: Multiple vulnerabilities
2017-01-01 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.004
Percentile
74.4%
Related for MYSQL_5_5_51_RPM.NASL