Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_6_25.NASL
HistoryJul 15, 2015 - 12:00 a.m.

MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU)

2015-07-1500:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

The version of MySQL running on the remote host is version 5.5.x prior to 5.5.44 or version 5.6.x prior to 5.6.25. It is, therefore, potentially affected by the following vulnerabilities :

  • Multiple denial of service vulnerabilities exist in the following Server subcomponents which can be exploited by a remote, authenticated attacker :

    • Partition (CVE-2015-2617)
    • DML (CVE-2015-2648, CVE-2015-2611)
    • GIS (CVE-2015-2582)
    • I_S (CVE-2015-4752)
    • InnoDB (CVE-2015-4756)
    • Optimizer (CVE-2015-2643, CVE-2015-4757)
    • Partition (CVE-2015-4772)
    • Memcached (CVE-2015-4761)
    • RBR (CVE-2015-4771)
    • Security:Firewall (CVE-2015-4769, CVE-2015-4767)
    • Security:Privileges (CVE-2015-2641)

  • Multiple Information disclosure vulnerabilities exist in the following Server subcomponents which can be exploited by a remote, authenticated attacker to gain access to sensitive information :

    • Pluggable Auth (CVE-2015-4737)
    • Security:Privileges (CVE-2015-2620)

  • An unspecified vulnerability exists related to the Security:Firewall subcomponent of the Server that can be exploited by a remote, authenticated attacker to have an impact on the integrity of the system. (CVE-2015-2639)

  • A denial of service vulnerability exists in the Client subcomponent which can be exploited by a local attacker.
    No other details have been given. (CVE-2015-2661)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84767);
  script_version("1.12");
  script_cvs_date("Date: 2019/03/27 13:17:50");

  script_cve_id(
    "CVE-2015-2582",
    "CVE-2015-2611",
    "CVE-2015-2617",
    "CVE-2015-2620",
    "CVE-2015-2639",
    "CVE-2015-2641",
    "CVE-2015-2643",
    "CVE-2015-2648",
    "CVE-2015-2661",
    "CVE-2015-4737",
    "CVE-2015-4752",
    "CVE-2015-4756",
    "CVE-2015-4757",
    "CVE-2015-4761",
    "CVE-2015-4767",
    "CVE-2015-4769",
    "CVE-2015-4771",
    "CVE-2015-4772");

  script_bugtraq_id(
    75751,
    75753,
    75759,
    75760,
    75762,
    75770,
    75774,
    75781,
    75785,
    75802,
    75813,
    75815,
    75822,
    75830,
    75835,
    75837,
    75844,
    75849
  );

  script_name(english:"MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU)");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is version 5.5.x
prior to 5.5.44 or version 5.6.x prior to 5.6.25. It is, therefore,
potentially affected by the following vulnerabilities :

  - Multiple denial of service vulnerabilities exist in the
    following Server subcomponents which can be exploited by
    a remote, authenticated attacker :
    - Partition (CVE-2015-2617)
    - DML (CVE-2015-2648, CVE-2015-2611)
    - GIS (CVE-2015-2582)
    - I_S (CVE-2015-4752)
    - InnoDB (CVE-2015-4756)
    - Optimizer (CVE-2015-2643, CVE-2015-4757)
    - Partition (CVE-2015-4772)
    - Memcached (CVE-2015-4761)
    - RBR (CVE-2015-4771)
    - Security:Firewall (CVE-2015-4769, CVE-2015-4767)
    - Security:Privileges (CVE-2015-2641)

  - Multiple Information disclosure vulnerabilities exist in
    the following Server subcomponents which can be
    exploited by a remote, authenticated attacker to gain
    access to sensitive information :
    - Pluggable Auth (CVE-2015-4737)
    - Security:Privileges (CVE-2015-2620)

  - An unspecified vulnerability exists related to the
    Security:Firewall subcomponent of the Server that can be
    exploited by a remote, authenticated attacker to have an
    impact on the integrity of the system. (CVE-2015-2639)

  - A denial of service vulnerability exists in the Client
    subcomponent which can be exploited by a local attacker.
    No other details have been given. (CVE-2015-2661)");
  # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d18c2a85");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2015 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-2617");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/15");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(fixed:make_list('5.5.44', '5.6.25'), severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclemysqlcpe:/a:oracle:mysql

References

Related

kaspersky 1
veracode 24
nessus 29
openvas 25
ubuntu 1
gentoo 1
ibm 1
redhat 6
debian 2
osv 3
mageia 1
ubuntucve 19
cve 19
cvelist 19
prion 19
oraclelinux 2
centos 2
mariadbunix 6
securityvulns 1
oracle 1
kaspersky
kaspersky
KLA10638 Multiple vulnerabilities in Oracle MySQL
2015-07-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:17:53
Denial Of Service (DoS)
2019-05-02 05:17:53
Denial Of Service (DoS)
2019-05-02 05:17:52
nessus
nessus
openSUSE Security Update : mysql-community-server (openSUSE-2015-608)
2015-09-28 00:00:00
GLSA-201610-06 : MySQL and MariaDB: Multiple vulnerabilities
2016-10-12 00:00:00
Ubuntu 14.04 LTS : MySQL vulnerabilities (USN-2674-1)
2015-07-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2674-1)
2015-07-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1788-1)
2021-06-09 00:00:00
Oracle MySQL Multiple Unspecified Vulnerabilities-01 (Jul 2015)
2015-07-20 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2015-07-21 00:00:00
gentoo
gentoo
MySQL and MariaDB: Multiple vulnerabilities
2016-10-11 00:00:00
ibm
ibm
Security Bulletin: vulnerabilities in OpenSource Oracle MySQL Server affect IBM Security Guardium
2018-06-16 21:30:35
redhat
redhat
(RHSA-2015:1630) Important: rh-mysql56-mysql security update
2015-08-17 00:00:00
(RHSA-2015:1646) Important: rh-mariadb100-mariadb security update
2015-08-20 00:00:00
(RHSA-2015:1665) Moderate: mariadb security update
2015-08-24 00:00:00
debian
debian
[SECURITY] [DSA 3308-1] mysql-5.5 security update
2015-07-18 09:31:52
[SECURITY] [DSA 3308-1] mysql-5.5 security update
2015-07-18 09:32:10
osv
osv
mysql-5.5 - security update
2015-07-18 00:00:00
mariadb-10.0 - security update
2015-07-20 00:00:00
mysql-5.5 packages as an option announcement
2015-12-16 00:00:00
mageia
mageia
Updated mariadb package fixes security vulnerabilities
2015-07-27 12:53:07
ubuntucve
ubuntucve
CVE-2015-4769
2015-07-16 00:00:00
CVE-2015-4767
2015-07-16 00:00:00
CVE-2015-4757
2015-07-16 00:00:00
cve
cve
CVE-2015-4769
2015-07-16 11:01:00
CVE-2015-4767
2015-07-16 11:00:00
CVE-2015-4757
2015-07-16 11:00:00
cvelist
cvelist
CVE-2015-4767
2015-07-16 10:00:00
CVE-2015-4769
2015-07-16 10:00:00
CVE-2015-4757
2015-07-16 10:00:00
prion
prion
Design/Logic Flaw
2015-07-16 11:00:00
Design/Logic Flaw
2015-07-16 11:01:00
Design/Logic Flaw
2015-07-16 11:00:00
oraclelinux
oraclelinux
mariadb security update
2015-08-24 00:00:00
mysql55-mysql security update
2015-08-17 00:00:00
centos
centos
mariadb security update
2015-08-25 16:08:22
mysql55 security update
2015-08-17 15:20:46
mariadbunix
mariadbunix
CVE-2015-4757
2015-07-16 11:00:00
CVE-2015-4752
2015-07-16 11:00:00
CVE-2015-2648
2015-07-16 11:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
JSON
Related for MYSQL_5_6_25.NASL
kaspersky1veracode24nessus29openvas25ubuntu1gentoo1ibm1redhat6debian2osv3mageia1ubuntucve19cve19cvelist19prion19oraclelinux2centos2mariadbunix6securityvulns1oracle1