Lucene search
This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.MYSQL_5_6_12_RPM.NASLHistoryJan 26, 2016 - 12:00 a.m.
Oracle MySQL 5.6.x < 5.6.12 Optimizer DoS (January 2016 CPU)
2016-01-2600:00:00
This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
www.tenable.com
12
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
61.4%
The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.12. It is, therefore, affected by an unspecified flaw in the Optimizer subcomponent. An authenticated, remote attacker can exploit this to cause a denial of service condition.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(88381);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03");
script_cve_id("CVE-2016-0502");
script_name(english:"Oracle MySQL 5.6.x < 5.6.12 Optimizer DoS (January 2016 CPU)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of Oracle MySQL installed on the remote host is 5.6.x
prior to 5.6.12. It is, therefore, affected by an unspecified flaw in
the Optimizer subcomponent. An authenticated, remote attacker can
exploit this to cause a denial of service condition.");
# https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368796.xml
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?10ceb1c6");
script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-12.html");
script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2096144.1");
# https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d13bbe45");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2016 Oracle
Critical Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0502");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/19");
script_set_attribute(attribute:"patch_publication_date", value:"2016/01/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/26");
script_set_attribute(attribute:"agent", value:"unix");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");
exit(0);
}
include("mysql_version.inc");
package_list = make_list(
"mysql-community-common",
"mysql-community-devel",
"mysql-community-embedded",
"mysql-community-libs",
"mysql-community-libs-compat",
"mysql-community-server",
"MySQL-devel",
"MySQL-devel-advanced",
"MySQL-shared",
"MySQL-shared-advanced",
"MySQL-shared-compat",
"MySQL-shared-compat-advanced",
"MySQL-server",
"MySQL-server-advanced"
);
rhel_list = make_list(
"EL5",
"EL6",
"EL7",
"FC20",
"FC21",
"FC22",
"FC23",
"RHEL5",
"RHEL6",
"RHEL7",
"SL5",
"SL6",
"SL7"
);
ala_list = make_list(
"ALA"
);
suse_list = make_list(
"SLED11",
"SLED12",
"SLES11",
"SLES12",
"SUSE13.1",
"SUSE13.2",
"SUSE42.1"
);
centos_list = make_list(
"CentOS-5",
"CentOS-6",
"CentOS-7"
);
fix_version = "5.6.12";
exists_version = "5.6";
mysql_check_rpms(mysql_packages:package_list, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:rhel_list, centos_os_list:centos_list, suse_os_list:suse_list, ala_os_list:ala_list, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | mysql | cpe:/a:oracle:mysql | |
| amazon | linux | mysql | p-cpe:/a:amazon:linux:mysql |
| centos | centos | mysql | p-cpe:/a:centos:centos:mysql |
| fedoraproject | fedora | mysql | p-cpe:/a:fedoraproject:fedora:mysql |
| fermilab | scientific_linux | mysql | p-cpe:/a:fermilab:scientific_linux:mysql |
| novell | opensuse | mysql | p-cpe:/a:novell:opensuse:mysql |
| novell | suse_linux | mysql | p-cpe:/a:novell:suse_linux:mysql |
| oracle | linux | mysql | p-cpe:/a:oracle:linux:mysql |
| redhat | enterprise_linux | mysql | p-cpe:/a:redhat:enterprise_linux:mysql |
Related
openvas
openvas
Oracle MySQL Server <= 5.5.31 / 5.6 <= 5.6.11 Security Update (cpujan2016) - Windows
2016-02-08 00:00:00
Oracle MySQL Server <= 5.5.31 / 5.6 <= 5.6.11 Security Update (cpujan2016) - Linux
2017-11-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0348-1)
2021-06-09 00:00:00
cvelist
cvelist
CVE-2016-0502
2016-01-21 02:00:00
nvd
nvd
CVE-2016-0502
2016-01-21 03:00:50
nessus
nessus
Oracle MySQL 5.5.x < 5.5.32 Optimizer DoS (January 2016 CPU)
2016-01-26 00:00:00
MariaDB 10.0.0 < 10.0.4 Multiple Vulnerabilities
2022-11-18 00:00:00
MariaDB 5.5 < 5.5.32 Multiple Vulnerabilities
2014-02-06 00:00:00
cve
cve
CVE-2016-0502
2016-01-21 03:00:50
ubuntucve
ubuntucve
CVE-2016-0502
2016-01-21 00:00:00
mariadbunix
mariadbunix
CVE-2016-0502
2016-01-21 03:00:00
prion
prion
Design/Logic Flaw
2016-01-21 03:00:00
f5
f5
K77508618 : Multiple Oracle MySQL vulnerabilities
2017-05-06 00:00:00
suse
suse
Security update for MySQL (important)
2016-02-08 14:11:50
Security update for MySQL (important)
2016-02-07 20:14:28
fedora
fedora
[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22
2016-03-05 22:51:47
[SECURITY] Fedora 23 Update: mariadb-10.0.23-1.fc23
2016-02-21 16:34:44
[SECURITY] Fedora 22 Update: community-mysql-5.6.29-1.fc22
2016-03-09 20:17:15
amazon
amazon
Important: mysql56
2016-04-06 14:40:00
oracle
oracle
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
61.4%
Related for MYSQL_5_6_12_RPM.NASL