Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_5_55_RPM.NASL
HistoryApr 20, 2017 - 12:00 a.m.

MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)

2017-04-2000:00:00
This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
197
JSON

The version of MySQL running on the remote host is 5.5.x prior to 5.5.55. It is, therefore, affected by multiple vulnerabilities :

  • A use-after-free error exists in the mysql_prune_stmt_list() function in client.c that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3302)

  • An authentication information disclosure vulnerability, known as Riddle, exists due to authentication being performed prior to security parameter verification. A man-in-the-middle (MitM) attacker can exploit this vulnerability to disclose sensitive authentication information, which the attacker can later use for authenticating to the server. (CVE-2017-3305)

  • Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3308, CVE-2017-3456)

  • Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453)

  • An unspecified flaw exists in the Thread Pooling subcomponent that allows an unauthenticated, remote attacker to update, insert, or delete data contained in the database. (CVE-2017-3329)

  • Multiple unspecified flaws exist in the ‘Security: Privileges’ subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3461, CVE-2017-3462, CVE-2017-3463)

  • An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to update, insert, or delete data contained in the database.
    (CVE-2017-3464)

  • An unspecified flaw exists in the ‘Client mysqldump’ subcomponent that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2017-3600)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99510);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03");

  script_cve_id(
    "CVE-2017-3302",
    "CVE-2017-3305",
    "CVE-2017-3308",
    "CVE-2017-3309",
    "CVE-2017-3329",
    "CVE-2017-3453",
    "CVE-2017-3456",
    "CVE-2017-3461",
    "CVE-2017-3462",
    "CVE-2017-3463",
    "CVE-2017-3464",
    "CVE-2017-3600"
  );
  script_bugtraq_id(
    96162,
    97023,
    97725,
    97742,
    97763,
    97765,
    97776,
    97812,
    97818,
    97831,
    97849,
    97851
  );

  script_name(english:"MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.5.x prior to
5.5.55. It is, therefore, affected by multiple vulnerabilities :

  - A use-after-free error exists in the
    mysql_prune_stmt_list() function in client.c that allows
    an authenticated, remote attacker to cause a denial of
    service condition. (CVE-2017-3302)

  - An authentication information disclosure vulnerability,
    known as Riddle, exists due to authentication being
    performed prior to security parameter verification. A
    man-in-the-middle (MitM) attacker can exploit this
    vulnerability to disclose sensitive authentication
    information, which the attacker can later use for
    authenticating to the server. (CVE-2017-3305)

  - Multiple unspecified flaws exist in the DML subcomponent
    that allow an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2017-3308,
    CVE-2017-3456)

  - Multiple unspecified flaws exist in the Optimizer
    subcomponent that allow an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453)

  - An unspecified flaw exists in the Thread Pooling
    subcomponent that allows an unauthenticated, remote
    attacker to update, insert, or delete data contained in
    the database. (CVE-2017-3329)

  - Multiple unspecified flaws exist in the
    'Security: Privileges' subcomponent that allow an
    authenticated, remote attacker to cause a denial of
    service condition. (CVE-2017-3461, CVE-2017-3462,
    CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that
    allows an authenticated, remote attacker to update,
    insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the 'Client mysqldump'
    subcomponent that allows an authenticated, remote
    attacker to execute arbitrary code. (CVE-2017-3600)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2219938.1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?092fb681");
  # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?724b555f");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html");
  script_set_attribute(attribute:"see_also", value:"http://riddle.link/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.5.55 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3305");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/20");

  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled");
  script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");

  exit(0);
}

include("mysql_version.inc");

fix_version = "5.5.55";
exists_version = "5.5";

mysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclemysqlcpe:/a:oracle:mysql
amazonlinuxmysqlp-cpe:/a:amazon:linux:mysql
centoscentosmysqlp-cpe:/a:centos:centos:mysql
fedoraprojectfedoramysqlp-cpe:/a:fedoraproject:fedora:mysql
fermilabscientific_linuxmysqlp-cpe:/a:fermilab:scientific_linux:mysql
novellopensusemysqlp-cpe:/a:novell:opensuse:mysql
novellsuse_linuxmysqlp-cpe:/a:novell:suse_linux:mysql
oraclelinuxmysqlp-cpe:/a:oracle:linux:mysql
redhatenterprise_linuxmysqlp-cpe:/a:redhat:enterprise_linux:mysql

Related

nessus 44
osv 15
debian 6
openvas 27
suse 7
slackware 1
amazon 2
altlinux 1
fedora 7
ubuntu 2
f5 3
freebsd 2
ibm 2
redhat 4
centos 1
oraclelinux 1
cve 13
ubuntucve 11
prion 12
redhatcve 9
veracode 11
debiancve 6
mariadbunix 6
alpinelinux 6
nessus
nessus
Debian DSA-3834-1 : mysql-5.5 - security update (Riddle)
2017-04-26 00:00:00
MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)
2017-04-20 00:00:00
Debian DLA-916-1 : mysql-5.5 security update (Riddle)
2017-04-26 00:00:00
osv
osv
mysql-5.5 - security update
2017-04-25 00:00:00
mysql-5.5 - security update
2017-04-25 00:00:00
mariadb-10.0 - security update
2017-08-17 00:00:00
debian
debian
[SECURITY] [DSA 3834-1] mysql-5.5 security update
2017-04-25 15:15:11
[SECURITY] [DSA 3834-1] mysql-5.5 security update
2017-04-25 15:15:11
[SECURITY] [DLA 916-1] mysql-5.5 security update
2017-04-25 20:47:46
openvas
openvas
Debian LTS: Security Advisory for mysql-5.5 (DLA-916-1)
2018-01-17 00:00:00
Debian Security Advisory DSA 3834-1 (mysql-5.5 - security update)
2017-04-25 00:00:00
Oracle Mysql Security Updates (apr2017-3236618) 02 - Windows
2017-04-19 00:00:00
suse
suse
Security update for mysql (important)
2017-04-28 21:13:58
Security update for mariadb (important)
2017-08-03 15:12:17
Security update for mysql-community-server (important)
2017-05-08 18:18:38
slackware
slackware
[slackware-security] mariadb
2017-07-14 22:13:14
amazon
amazon
Medium: mysql55
2017-05-19 00:27:00
Important: mysql56
2017-05-18 22:01:00
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.23-alt1
2017-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: community-mysql-5.7.18-2.fc25
2017-04-29 01:50:21
[SECURITY] Fedora 24 Update: community-mysql-5.7.18-2.fc24
2017-04-29 01:18:25
[SECURITY] Fedora 26 Update: community-mysql-5.7.18-2.fc26
2017-04-28 14:36:49
ubuntu
ubuntu
MySQL vulnerabilities
2017-07-24 00:00:00
MySQL vulnerabilities
2017-04-27 00:00:00
f5
f5
K38624343 : MySQL vulnerabilities CVE-2017-3308, CVE-2017-3456, CVE-2017-3464, and CVE-2020-2780
2022-01-18 00:00:00
K10771536 : MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974
2022-01-13 00:00:00
K44183007 : MySQL vulnerability CVE-2017-3302
2017-03-13 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2017-04-19 00:00:00
mysql -- denial of service vulnerability
2017-01-27 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
2018-06-18 01:38:06
Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerability (CVE-2017-3302)
2018-06-16 21:50:33
redhat
redhat
(RHSA-2017:2192) Moderate: mariadb security and bug fix update
2017-08-01 05:58:44
(RHSA-2017:2787) Important: rh-mysql56-mysql security and bug fix update
2017-09-21 07:18:30
(RHSA-2018:0279) Moderate: rh-mariadb100-mariadb security update
2018-02-06 10:37:36
centos
centos
mariadb security update
2017-08-24 01:39:47
oraclelinux
oraclelinux
mariadb security and bug fix update
2017-08-07 00:00:00
cve
cve
CVE-2017-3305
2017-04-24 19:59:00
CVE-2017-3462
2017-04-24 19:59:00
CVE-2017-3453
2017-04-24 19:59:00
ubuntucve
ubuntucve
CVE-2017-3305
2017-04-24 00:00:00
CVE-2017-3463
2017-04-24 00:00:00
CVE-2017-3462
2017-04-24 00:00:00
prion
prion
Design/Logic Flaw
2017-04-24 19:59:00
Code injection
2017-04-24 19:59:00
Code injection
2017-04-24 19:59:00
redhatcve
redhatcve
CVE-2017-3305
2017-03-17 12:53:05
CVE-2017-3462
2017-04-19 07:41:46
CVE-2017-3453
2017-04-19 07:41:10
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:05
Man-In-The-Middle
2019-05-02 06:37:03
Denial Of Service (DoS)
2019-05-02 06:37:04
debiancve
debiancve
CVE-2017-3309
2017-04-24 19:59:00
CVE-2017-3453
2017-04-24 19:59:00
CVE-2017-3302
2017-02-12 04:59:00
mariadbunix
mariadbunix
CVE-2017-3309
2017-04-24 19:59:00
CVE-2017-3453
2017-04-24 19:59:00
CVE-2017-3308
2017-04-24 19:59:00
alpinelinux
alpinelinux
CVE-2017-3453
2017-04-24 19:59:00
CVE-2017-3464
2017-04-24 19:59:00
CVE-2017-3308
2017-04-24 19:59:00
JSON
Related for MYSQL_5_5_55_RPM.NASL
nessus44osv15debian6openvas27suse7slackware1amazon2altlinux1fedora7ubuntu2f53freebsd2ibm2redhat4centos1oraclelinux1cve13ubuntucve11prion12redhatcve9veracode11debiancve6mariadbunix6alpinelinux6