Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_6_41_RPM.NASL
HistoryJul 20, 2018 - 12:00 a.m.

MySQL 5.6.x < 5.6.41 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)

2018-07-2000:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1682
JSON

The version of MySQL running on the remote host is 5.6.x prior to 5.6.41. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(111156);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/29");

  script_cve_id(
    "CVE-2018-0739",
    "CVE-2018-2767",
    "CVE-2018-3058",
    "CVE-2018-3062",
    "CVE-2018-3064",
    "CVE-2018-3066",
    "CVE-2018-3070",
    "CVE-2018-3081"
  );
  script_bugtraq_id(
    103518,
    103954,
    104766,
    104776,
    104779
  );

  script_name(english:"MySQL 5.6.x < 5.6.41 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.6.x prior to
5.6.41. It is, therefore, affected by multiple vulnerabilities as
noted in the July 2018 Critical Patch Update advisory. Please consult
the CVRF details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-41.html");
  # http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?50f36723");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.6.41 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3064");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/20");

  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled");
  script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");

  exit(0);
}

include("mysql_version.inc");

fix_version = "5.6.41";
exists_version = "5.6";

mysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclemysqlcpe:/a:oracle:mysql
amazonlinuxmysqlp-cpe:/a:amazon:linux:mysql
centoscentosmysqlp-cpe:/a:centos:centos:mysql
fedoraprojectfedoramysqlp-cpe:/a:fedoraproject:fedora:mysql
fermilabscientific_linuxmysqlp-cpe:/a:fermilab:scientific_linux:mysql
novellopensusemysqlp-cpe:/a:novell:opensuse:mysql
novellsuse_linuxmysqlp-cpe:/a:novell:suse_linux:mysql
oraclelinuxmysqlp-cpe:/a:oracle:linux:mysql
redhatenterprise_linuxmysqlp-cpe:/a:redhat:enterprise_linux:mysql

Related

nessus 60
amazon 4
suse 6
openvas 17
ubuntu 2
mageia 3
altlinux 3
osv 13
debian 4
f5 1
freebsd 1
veracode 6
prion 8
cve 8
alpinelinux 6
oraclelinux 4
mariadbunix 5
ubuntucve 7
redhatcve 8
debiancve 6
ibm 20
cloudfoundry 1
huawei 1
broadcom 1
centos 1
redhat 1
aix 1
fedora 1
nessus
nessus
Amazon Linux AMI : mysql56 (ALAS-2018-1069)
2018-08-24 00:00:00
openSUSE Security Update : mysql-community-server (openSUSE-2018-844)
2018-08-10 00:00:00
MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (July 2018 CPU)
2018-07-20 00:00:00
amazon
amazon
Medium: mysql56
2018-08-22 19:34:00
Medium: mysql55
2018-08-22 19:33:00
Medium: mysql57
2018-08-22 19:35:00
suse
suse
Security update for mysql-community-server (moderate)
2018-08-10 03:13:38
Security update for ovmf (moderate)
2018-08-06 15:11:10
Security update for openssl (important)
2018-04-09 03:08:41
openvas
openvas
openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2018:2293-1)
2018-08-10 00:00:00
Oracle MySQL Security Updates-02 (jul2018-4258247) Windows
2018-07-18 00:00:00
Oracle MySQL Security Updates-02 (jul2018-4258247) Linux
2018-07-18 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2018-07-30 00:00:00
MySQL vulnerabilities
2018-07-30 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2018-08-12 23:39:12
Updated mariadb packages fix security vulnerability
2018-09-01 00:11:59
Updated openssl packages fix security vulnerability
2018-04-03 21:48:20
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.35-alt1
2018-08-20 00:00:00
Security fix for the ALT Linux 9 package mariadb version 10.3.9-alt1
2018-08-19 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2o-alt1
2018-03-27 00:00:00
osv
osv
mariadb-10.0 - security update
2018-08-31 00:00:00
mysql-5.5 - security update
2018-11-05 00:00:00
CVE-2018-3066
2018-07-18 13:29:08
debian
debian
[SECURITY] [DLA 1488-1] mariadb-10.0 security update
2018-08-31 22:01:19
[SECURITY] [DLA 1566-1] mysql-5.5 security update
2018-11-05 18:06:29
[SECURITY] [DSA 4158-1] openssl1.0 security update
2018-03-29 21:40:38
f5
f5
K53756439 : MySQL vulnerabilities CVE-2018-2767, CVE-2018-3063, CVE-2017-3653, and CVE-2018-3066
2022-01-18 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2018-07-17 00:00:00
veracode
veracode
Privilege Escalation
2019-05-16 03:22:41
Information Disclosure
2019-05-16 03:22:40
Denial Of Service (DoS)
2019-05-16 03:22:41
prion
prion
Design/Logic Flaw
2018-07-18 13:29:00
Design/Logic Flaw
2018-07-18 13:29:00
Code injection
2018-07-18 13:29:00
cve
cve
CVE-2018-3066
2018-07-18 13:29:00
CVE-2018-3062
2018-07-18 13:29:00
CVE-2018-3064
2018-07-18 13:29:00
alpinelinux
alpinelinux
CVE-2018-3066
2018-07-18 13:29:00
CVE-2018-3058
2018-07-18 13:29:00
CVE-2018-2767
2018-07-18 13:29:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2019-08-13 00:00:00
openssl security update
2018-09-27 00:00:00
openssl security update
2018-09-26 00:00:00
mariadbunix
mariadbunix
CVE-2018-3066
2018-07-18 13:29:00
CVE-2018-3058
2018-07-18 13:29:00
CVE-2018-3064
2018-07-18 13:29:00
ubuntucve
ubuntucve
CVE-2018-3066
2018-07-18 00:00:00
CVE-2018-3058
2018-07-18 00:00:00
CVE-2018-3062
2018-07-18 00:00:00
redhatcve
redhatcve
CVE-2018-3066
2019-12-19 20:31:44
CVE-2018-3058
2018-07-18 10:11:13
CVE-2018-3062
2018-07-18 10:14:14
debiancve
debiancve
CVE-2018-3066
2018-07-18 13:29:00
CVE-2018-3058
2018-07-18 13:29:00
CVE-2018-3064
2018-07-18 13:29:00
ibm
ibm
Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2018-0739)
2018-08-09 16:40:05
Security Bulletin: IBM Aspera On Demand products are affected by OpenSSL Vulnerability (CVE-2018-0739)
2020-05-20 02:06:00
Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity is affected by an OpenSSL vulnerabilitiy (CVE-2018-0739)
2022-02-22 19:50:07
cloudfoundry
cloudfoundry
USN-3611-1: OpenSSL vulnerability | Cloud Foundry
2018-05-02 00:00:00
huawei
huawei
Security Advisory - OpenSSL Vulnerability in Some Huawei Products
2018-06-13 00:00:00
broadcom
broadcom
DOS for Handling of crafted recursive ASN.1 structures
2023-08-01 00:00:00
centos
centos
OVMF security update
2018-11-15 18:50:56
redhat
redhat
(RHSA-2018:3090) Moderate: ovmf security, bug fix, and enhancement update
2018-10-30 04:17:40
aix
aix
Vulnerability in OpenSSL affects AIX (CVE-2018-0739)
2018-04-30 11:00:38
fedora
fedora
[SECURITY] Fedora 26 Update: compat-openssl10-1.0.2o-1.fc26
2018-04-09 18:36:03
JSON
Related for MYSQL_5_6_41_RPM.NASL
nessus60amazon4suse6openvas17ubuntu2mageia3altlinux3osv13debian4f51freebsd1veracode6prion8cve8alpinelinux6oraclelinux4mariadbunix5ubuntucve7redhatcve8debiancve6ibm20cloudfoundry1huawei1broadcom1centos1redhat1aix1fedora1