Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_7_11.NASL
HistoryMar 01, 2016 - 12:00 a.m.

MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities

2016-03-0100:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

The version of MySQL running on the remote host is 5.7.x prior to 5.7.11. It is, therefore, potentially affected by multiple vulnerabilities :

  • A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)

  • An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640)

  • An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641)

  • An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644)

  • Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646, CVE-2016-0652)

  • An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649)

  • An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2016-0650)

  • An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0653)

  • Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668)

  • An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0658)

  • An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661)

  • An unspecified flaw exists in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2016-0663)

  • An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2016-0665)

  • A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition.

  • A denial of service vulnerability exists that is triggered when handling a ‘CREATE TEMPORARY TABLE …
    SELECT’ statement involving BIT columns. An authenticated, remote attacker can exploit this to create an improper table or cause the server to exit, resulting in a denial of service condition.

  • A denial of service vulnerability exists due to improper handling of queries that contain ‘WHERE 0’. An authenticated, remote attacker can exploit this to cause an uninitialized read, resulting in a denial of service condition.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(89056);
  script_version("1.13");
  script_cvs_date("Date: 2019/11/20");

  script_cve_id(
    "CVE-2015-3194",
    "CVE-2016-0640",
    "CVE-2016-0641",
    "CVE-2016-0644",
    "CVE-2016-0646",
    "CVE-2016-0649",
    "CVE-2016-0650",
    "CVE-2016-0652",
    "CVE-2016-0653",
    "CVE-2016-0654",
    "CVE-2016-0656",
    "CVE-2016-0658",
    "CVE-2016-0661",
    "CVE-2016-0663",
    "CVE-2016-0665",
    "CVE-2016-0668"
  );

  script_name(english:"MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.7.x prior to
5.7.11. It is, therefore, potentially affected by multiple
vulnerabilities :

  - A NULL pointer dereference flaw exists in the bundled
    version of OpenSSL in file rsa_ameth.c due to improper
    handling of ASN.1 signatures that are missing the PSS
    parameter. A remote attacker can exploit this to cause
    the signature verification routine to crash, resulting
    in a denial of service condition. (CVE-2015-3194)

  - An unspecified flaw exists in the DML subcomponent that
    allows an authenticated, remote attacker to impact
    integrity and availability. (CVE-2016-0640)

  - An unspecified flaw exists in the MyISAM subcomponent
    that allows an authenticated, remote attacker to
    disclose sensitive information or cause a denial of
    service condition. (CVE-2016-0641)

  - An unspecified flaw exists in the DDL subcomponent that
    allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0644)

  - Multiple unspecified flaws exist in the DML subcomponent
    that allow an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0646,
    CVE-2016-0652)

  - An unspecified flaw exists in the PS subcomponent that
    allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0649)

  - An unspecified flaw exists in the Replication
    subcomponent that allows an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2016-0650)

  - An unspecified flaw exists in the FTS subcomponent that
    allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0653)

  - Multiple unspecified flaws exist in the InnoDB
    subcomponent that allow an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668)

  - An unspecified flaw exists in the Optimizer subcomponent
    that allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0658)

  - An unspecified flaw exists in the Options subcomponent
    that allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0661)

  - An unspecified flaw exists in the Performance Schema
    subcomponent that allows an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2016-0663)

  - An unspecified flaw exists in the Security: Encryption
    subcomponent that allows an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2016-0665)

  - A denial of service vulnerability exists in the bundled
    OpenSSL library due to improper handling of variables
    declared as TEXT or BLOB. An authenticated, remote
    attacker can exploit this to corrupt data or cause a
    denial of service condition.

  - A denial of service vulnerability exists that is
    triggered when handling a 'CREATE TEMPORARY TABLE ..
    SELECT' statement involving BIT columns. An
    authenticated, remote attacker can exploit this to
    create an improper table or cause the server to exit, 
    resulting in a denial of service condition.

  - A denial of service vulnerability exists due to improper
    handling of queries that contain 'WHERE 0'. An
    authenticated, remote attacker can exploit this to cause
    an uninitialized read, resulting in a denial of service
    condition.");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-11.html");
  # http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a0defed6");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.7.11 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0641");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/01");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(fixed:'5.7.11', min:'5.7', severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclemysqlcpe:/a:oracle:mysql

References

Related

nessus 43
openvas 30
ibm 22
kaspersky 1
freebsd 2
f5 8
suse 6
debian 6
ubuntu 1
cve 16
ubuntucve 16
prion 16
osv 1
redhat 3
centos 1
oraclelinux 1
veracode 11
mariadbunix 7
openssl 1
debiancve 1
checkpoint_advisories 1
cloudfoundry 1
amazon 2
fedora 1
aix 1
nessus
nessus
MySQL 5.6.x < 5.6.29 Multiple DoS
2016-04-15 00:00:00
Oracle MySQL 5.5.x < 5.5.48 Multiple DoS
2016-04-15 00:00:00
MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities
2016-03-01 00:00:00
openvas
openvas
Oracle MySQL Server 5.7 <= 5.7.10 Security Update (cpuapr2016v3) - Linux
2016-05-05 00:00:00
Oracle MySQL Server <= 5.5.47 / 5.6 <= 5.6.28 / 5.7 <= 5.7.10 Security Update (cpuapr2016v3) - Windows
2016-04-25 00:00:00
Oracle MySQL Server 5.7 <= 5.7.10 Security Update (cpuapr2016v3) - Windows
2016-04-25 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (multiple CVEs)
2018-06-16 21:50:33
Security Bulletin: Multiple vulnerabilities in mariadb affect PowerKVM
2018-06-18 01:33:09
Security Bulletin: Vulnerabilities in OpenSSL affect StoredIQ (CVE-2015-3194)
2018-06-17 12:15:02
kaspersky
kaspersky
KLA10794 Multiple vulnerabilities in Oracle MySQL
2016-04-19 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2016-04-19 00:00:00
libressl -- NULL pointer dereference
2015-12-03 00:00:00
f5
f5
SOL70204455 - Multiple MySQL vulnerabilities
2016-08-05 00:00:00
K70204455 : Multiple MySQL vulnerabilities
2016-08-05 00:00:00
SOL82205554 - Multiple MySQL vulnerabilities
2016-08-04 00:00:00
suse
suse
Security update for mysql-community-server (important)
2016-05-18 14:14:23
Security update for mysql (important)
2016-05-11 18:10:17
Security update for mariadb (important)
2016-06-17 20:08:38
debian
debian
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 19:51:35
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 19:51:35
[SECURITY] [DLA 447-1] mysql-5.5 security update
2016-04-30 09:29:15
ubuntu
ubuntu
MySQL vulnerabilities
2016-04-21 00:00:00
cve
cve
CVE-2016-0654
2016-04-21 10:59:00
CVE-2016-0656
2016-04-21 10:59:00
CVE-2016-0653
2016-04-21 10:59:00
ubuntucve
ubuntucve
CVE-2016-0654
2016-04-21 00:00:00
CVE-2016-0656
2016-04-21 00:00:00
CVE-2016-0653
2016-04-21 00:00:00
prion
prion
Design/Logic Flaw
2016-04-21 10:59:00
Design/Logic Flaw
2016-04-21 10:59:00
Design/Logic Flaw
2016-04-21 10:59:00
osv
osv
mysql-5.5 - security update
2016-04-26 00:00:00
redhat
redhat
(RHSA-2016:1602) Important: mariadb security update
2016-08-11 12:05:12
(RHSA-2016:0705) Critical: rh-mysql56-mysql security update
2016-05-02 12:15:44
(RHSA-2015:2617) Moderate: openssl security update
2015-12-14 00:00:00
centos
centos
mariadb security update
2016-08-12 11:27:37
oraclelinux
oraclelinux
mariadb security update
2016-08-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:21
Denial Of Service (DoS)
2019-05-02 05:29:21
Denial Of Service (DoS)
2019-05-02 05:29:21
mariadbunix
mariadbunix
CVE-2016-0650
2016-04-21 10:59:00
CVE-2016-0649
2016-04-21 10:59:00
CVE-2016-0668
2016-04-21 10:59:00
openssl
openssl
Vulnerability in OpenSSL CVE-2015-3194
2015-12-03 00:00:00
debiancve
debiancve
CVE-2015-3194
2015-12-06 20:59:00
checkpoint_advisories
checkpoint_advisories
OpenSSL RSA PSS Absent Mask Generation Parameter Denial of Service (CVE-2015-3194)
2016-02-17 00:00:00
cloudfoundry
cloudfoundry
USN-2830-1 OpenSSL vulnerability | Cloud Foundry
2016-01-07 00:00:00
amazon
amazon
Important: mysql55
2016-08-17 13:30:00
Medium: openssl
2015-12-14 10:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: openssl-1.0.2e-1.fc23
2015-12-06 19:20:38
aix
aix
Vulnerabilities in OpenSSL impact AIX
2016-01-18 10:47:32
JSON
Related for MYSQL_5_7_11.NASL
nessus43openvas30ibm22kaspersky1freebsd2f58suse6debian6ubuntu1cve16ubuntucve16prion16osv1redhat3centos1oraclelinux1veracode11mariadbunix7openssl1debiancve1checkpoint_advisories1cloudfoundry1amazon2fedora1aix1