MySQL 5.5.x < 5.5.42 / 5.6.x < 5.6.23 Multiple DoS Vulnerabilities (April 2015 CPU)

2015-04-15T00:00:00
ID MYSQL_5_6_23.NASL
Type nessus
Reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-10-02T00:00:00

Description

The version of MySQL running on the remote host is version 5.5.x prior to 5.5.42 or version 5.6.x prior to 5.6.23. It is, therefore, potentially affected by multiple denial of service vulnerabilities :

  • A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)

  • Additionally, there are unspecified flaws in the following MySQL subcomponents that allow a denial of service by an authenticated, remote attacker :

    • XA (CVE-2015-0405)
    • Optimizer (CVE-2015-0423)
    • InnoDB : DML (CVE-2015-0433)
    • Partition (CVE-2015-0438)
    • InnoDB (CVE-2015-0439)
    • Security : Encryption (CVE-2015-0441)
    • DML (CVE-2015-2566)
    • Security : Privileges (CVE-2015-2568)
    • DDL (CVE-2015-2573)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(82799);
  script_version("1.8");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id(
    "CVE-2014-3569",
    "CVE-2015-0405",
    "CVE-2015-0423",
    "CVE-2015-0433",
    "CVE-2015-0438",
    "CVE-2015-0439",
    "CVE-2015-0441",
    "CVE-2015-2566",
    "CVE-2015-2568",
    "CVE-2015-2573"
  );
  script_bugtraq_id(
    71934,
    74073,
    74078,
    74085,
    74089,
    74091,
    74098,
    74103,
    74110,
    74126
  );

  script_name(english:"MySQL 5.5.x < 5.5.42 / 5.6.x < 5.6.23 Multiple DoS Vulnerabilities (April 2015 CPU)");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple denial of service
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is version 5.5.x
prior to 5.5.42 or version 5.6.x prior to 5.6.23. It is, therefore,
potentially affected by multiple denial of service vulnerabilities :

  - A NULL pointer dereference flaw exists when the SSLv3
    option isn't enabled and an SSLv3 ClientHello is
    received. This allows a remote attacker, using an
    unexpected handshake, to crash the daemon, resulting in
    a denial of service. (CVE-2014-3569)

  - Additionally, there are unspecified flaws in the
    following MySQL subcomponents that allow a denial of
    service by an authenticated, remote attacker :

    - XA (CVE-2015-0405)
    - Optimizer (CVE-2015-0423)
    - InnoDB : DML (CVE-2015-0433)
    - Partition (CVE-2015-0438)
    - InnoDB (CVE-2015-0439)
    - Security : Encryption (CVE-2015-0441)
    - DML (CVE-2015-2566)
    - Security : Privileges (CVE-2015-2568)
    - DDL (CVE-2015-2573)");
  # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?915d056a");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.5.42 / 5.6.23 or later as referenced in the
Oracle April 2015 Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/15");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");
mysql_check_version(fixed:make_list('5.5.42', '5.6.23'), severity:SECURITY_WARNING);