Lucene search
This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.MYSQL_5_6_23_RPM.NASLHistoryAug 19, 2015 - 12:00 a.m.
Oracle MySQL 5.6.x < 5.6.23 InnoDB DoS (July 2015 CPU)
2015-08-1900:00:00
This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
www.tenable.com
15
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
77.3%
The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.23. It is, therefore, affected by an unspecified flaw in the InnoDB subcomponent. An authenticated, remote attacker can exploit this to cause a denial of service condition.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(85537);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03");
script_cve_id("CVE-2015-4756");
script_bugtraq_id(75785);
script_name(english:"Oracle MySQL 5.6.x < 5.6.23 InnoDB DoS (July 2015 CPU)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of Oracle MySQL installed on the remote host is 5.6.x
prior to 5.6.23. It is, therefore, affected by an unspecified flaw in
the InnoDB subcomponent. An authenticated, remote attacker can exploit
this to cause a denial of service condition.");
# https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368792.xml
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?178c8ed1");
script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-23.html");
script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2024204.1");
# http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d18c2a85");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2015 Oracle Critical
Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4756");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"agent", value:"unix");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14");
script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
script_family(english:"Databases");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");
exit(0);
}
include("mysql_version.inc");
package_list = make_list(
"mysql-community-client",
"mysql-community-common",
"mysql-community-devel",
"mysql-community-embedded",
"mysql-community-libs",
"mysql-community-libs-compat",
"mysql-community-server",
"MySQL-client",
"MySQL-client-advanced",
"MySQL-devel",
"MySQL-devel-advanced",
"MySQL-shared",
"MySQL-shared-advanced",
"MySQL-shared-compat",
"MySQL-shared-compat-advanced",
"MySQL-server",
"MySQL-server-advanced"
);
rhel_list = make_list(
"EL5",
"EL6",
"EL7",
"FC20",
"FC21",
"FC22",
"FC23",
"RHEL5",
"RHEL6",
"RHEL7",
"SL5",
"SL6",
"SL7"
);
ala_list = make_list(
"ALA"
);
suse_list = make_list(
"SLED11",
"SLED12",
"SLES11",
"SLES12",
"SUSE13.1",
"SUSE13.2"
);
centos_list = make_list(
"CentOS-5",
"CentOS-6",
"CentOS-7"
);
fix_version = "5.6.23";
exists_version = "5.6";
mysql_check_rpms(mysql_packages:package_list, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:rhel_list, centos_os_list:centos_list, suse_os_list:suse_list, ala_os_list:ala_list, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | mysql | cpe:/a:oracle:mysql | |
| amazon | linux | mysql | p-cpe:/a:amazon:linux:mysql |
| centos | centos | mysql | p-cpe:/a:centos:centos:mysql |
| fedoraproject | fedora | mysql | p-cpe:/a:fedoraproject:fedora:mysql |
| fermilab | scientific_linux | mysql | p-cpe:/a:fermilab:scientific_linux:mysql |
| novell | opensuse | mysql | p-cpe:/a:novell:opensuse:mysql |
| novell | suse_linux | mysql | p-cpe:/a:novell:suse_linux:mysql |
| oracle | linux | mysql | p-cpe:/a:oracle:linux:mysql |
| redhat | enterprise_linux | mysql | p-cpe:/a:redhat:enterprise_linux:mysql |
Related
openvas
openvas
Oracle MySQL Unspecified Vulnerability-05 (Jul 2015)
2015-07-21 00:00:00
Oracle MySQL Unspecified Vulnerability-14 (Jun 2016) - Linux
2016-06-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1788-1)
2021-06-09 00:00:00
cvelist
cvelist
CVE-2015-0439
2015-04-16 16:00:00
CVE-2015-4756
2015-07-16 10:00:00
ubuntucve
ubuntucve
CVE-2015-4756
2015-07-16 00:00:00
CVE-2015-0439
2015-04-16 00:00:00
cve
cve
CVE-2015-0439
2015-04-16 16:59:04
CVE-2015-4756
2015-07-16 11:00:50
prion
prion
Design/Logic Flaw
2015-04-16 16:59:00
Design/Logic Flaw
2015-07-16 11:00:00
nvd
nvd
CVE-2015-4756
2015-07-16 11:00:50
CVE-2015-0439
2015-04-16 16:59:04
nessus
nessus
GLSA-201610-06 : MySQL and MariaDB: Multiple vulnerabilities
2016-10-12 00:00:00
openSUSE Security Update : mysql-community-server (openSUSE-2015-608)
2015-09-28 00:00:00
kaspersky
kaspersky
KLA10638 Multiple vulnerabilities in Oracle MySQL
2015-07-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:17:53
Denial Of Service (DoS)
2019-05-02 05:17:52
Denial Of Service (DoS)
2019-05-02 05:17:53
gentoo
gentoo
MySQL and MariaDB: Multiple vulnerabilities
2016-10-11 00:00:00
redhat
redhat
(RHSA-2015:1646) Important: rh-mariadb100-mariadb security update
2015-08-20 00:00:00
(RHSA-2015:1630) Important: rh-mysql56-mysql security update
2015-08-17 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
77.3%
Related for MYSQL_5_6_23_RPM.NASL