Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_7_11_RPM.NASL
HistoryMay 02, 2016 - 12:00 a.m.

Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)

2016-05-0200:00:00
This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
86
JSON

The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.11. It is, therefore, affected by the following vulnerabilities :

  • A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)

  • A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)

  • An unspecified flaw exists in the DML subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0640)

  • An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose potentially sensitive information or cause a denial of service condition. (CVE-2016-0641)

  • An unspecified flaw exists in the DDL subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0644)

  • Multiple unspecified flaws exist in the DML subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-0646, CVE-2016-0652)

  • An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0649)

  • An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0650)

  • An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0653)

  • Multiple unspecified flaws exist in the InnoDB subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668)

  • An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0658)

  • An unspecified flaw exists in the Options subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0661)

  • An unspecified flaw exists in the Performance Schema subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0663)

  • An unspecified flaw exists in the Security: Encryption subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0665)

  • An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information.
    (CVE-2016-3452)

  • A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition.

  • A denial of service vulnerability exists that is triggered when handling a ‘CREATE TEMPORARY TABLE …
    SELECT’ statement involving BIT columns. An authenticated, remote attacker can exploit this to create an improper table or cause the server to exit, resulting in a denial of service condition.

  • A denial of service vulnerability exists due to improper handling of queries that contain ‘WHERE 0’. An authenticated, remote attacker can exploit this to cause an uninitialized read, resulting in a denial of service condition.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(90833);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03");

  script_cve_id(
    "CVE-2015-3194",
    "CVE-2015-3195",
    "CVE-2016-0640",
    "CVE-2016-0641",
    "CVE-2016-0644",
    "CVE-2016-0646",
    "CVE-2016-0649",
    "CVE-2016-0650",
    "CVE-2016-0652",
    "CVE-2016-0653",
    "CVE-2016-0654",
    "CVE-2016-0656",
    "CVE-2016-0658",
    "CVE-2016-0661",
    "CVE-2016-0663",
    "CVE-2016-0665",
    "CVE-2016-0668",
    "CVE-2016-3452"
  );
  script_bugtraq_id(
    78623,
    78626,
    86427,
    86431,
    86436,
    86439,
    86442,
    86451,
    86454,
    86463,
    86467,
    86470,
    86496,
    86498,
    86504,
    86511,
    86513,
    91999
  );

  script_name(english:"Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle MySQL installed on the remote host is 5.7.x
prior to 5.7.11. It is, therefore, affected by the following
vulnerabilities :

  - A NULL pointer dereference flaw exists in the bundled
    version of OpenSSL in file rsa_ameth.c due to improper
    handling of ASN.1 signatures that are missing the PSS
    parameter. A remote attacker can exploit this to cause
    the signature verification routine to crash, resulting
    in a denial of service condition. (CVE-2015-3194)

  - A flaw exists in the ASN1_TFLG_COMBINE implementation in
    file tasn_dec.c related to handling malformed
    X509_ATTRIBUTE structures. A remote attacker can exploit
    this to cause a memory leak by triggering a decoding
    failure in a PKCS#7 or CMS application, resulting in a
    denial of service. (CVE-2015-3195)

  - An unspecified flaw exists in the DML subcomponent that
    allows a local attacker to impact integrity and
    availability. (CVE-2016-0640)

  - An unspecified flaw exists in the MyISAM subcomponent
    that allows a local attacker to disclose potentially
    sensitive information or cause a denial of service
    condition. (CVE-2016-0641)

  - An unspecified flaw exists in the DDL subcomponent that
    allows a local attacker to cause a denial of service
    condition. (CVE-2016-0644)

  - Multiple unspecified flaws exist in the DML subcomponent
    that allow a local attacker to cause a denial of
    service condition. (CVE-2016-0646, CVE-2016-0652)

  - An unspecified flaw exists in the PS subcomponent that
    allows a local attacker to cause a denial of service
    condition. (CVE-2016-0649)

  - An unspecified flaw exists in the Replication
    subcomponent that allows a local attacker to cause a
    denial of service condition. (CVE-2016-0650)

  - An unspecified flaw exists in the FTS subcomponent that
    allows a local attacker to cause a denial of service
    condition. (CVE-2016-0653)

  - Multiple unspecified flaws exist in the InnoDB
    subcomponent that allow a local attacker to cause a
    denial of service condition. (CVE-2016-0654,
    CVE-2016-0656, CVE-2016-0668)

  - An unspecified flaw exists in the Optimizer subcomponent
    that allows a local attacker to cause a denial of
    service condition. (CVE-2016-0658)

  - An unspecified flaw exists in the Options subcomponent
    that allows a local attacker to cause a denial of
    service condition. (CVE-2016-0661)

  - An unspecified flaw exists in the Performance Schema
    subcomponent that allows a local attacker to cause a
    denial of service condition. (CVE-2016-0663)

  - An unspecified flaw exists in the Security: Encryption
    subcomponent that allows a local attacker to cause a
    denial of service condition. (CVE-2016-0665)

  - An unspecified flaw exists in the Security: Encryption
    subcomponent that allows an unauthenticated, remote
    attacker to disclose potentially sensitive information.
    (CVE-2016-3452)

  - A denial of service vulnerability exists in the bundled
    OpenSSL library due to improper handling of variables
    declared as TEXT or BLOB. An authenticated, remote
    attacker can exploit this to corrupt data or cause a
    denial of service condition.

  - A denial of service vulnerability exists that is
    triggered when handling a 'CREATE TEMPORARY TABLE ..
    SELECT' statement involving BIT columns. An
    authenticated, remote attacker can exploit this to
    create an improper table or cause the server to exit, 
    resulting in a denial of service condition.

  - A denial of service vulnerability exists due to improper
    handling of queries that contain 'WHERE 0'. An
    authenticated, remote attacker can exploit this to cause
    an uninitialized read, resulting in a denial of service
    condition.");
  # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2948264.xml
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae0f7f52");
  # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42cde00c");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-11.html");
  script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2120034.1");
  script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2157431.1");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ffb7b96f");
  # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453b5f8c");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.7.11 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0641");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/02");

  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled");
  script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");

  exit(0);
}

include("mysql_version.inc");

fix_version = "5.7.11";
exists_version = "5.7";

mysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclemysqlcpe:/a:oracle:mysql
amazonlinuxmysqlp-cpe:/a:amazon:linux:mysql
centoscentosmysqlp-cpe:/a:centos:centos:mysql
fedoraprojectfedoramysqlp-cpe:/a:fedoraproject:fedora:mysql
fermilabscientific_linuxmysqlp-cpe:/a:fermilab:scientific_linux:mysql
novellopensusemysqlp-cpe:/a:novell:opensuse:mysql
novellsuse_linuxmysqlp-cpe:/a:novell:suse_linux:mysql
oraclelinuxmysqlp-cpe:/a:oracle:linux:mysql
redhatenterprise_linuxmysqlp-cpe:/a:redhat:enterprise_linux:mysql

References

Related

nessus 54
openvas 31
ibm 35
kaspersky 1
freebsd 3
f5 7
debian 7
suse 6
ubuntu 2
cve 7
cloudfoundry 1
prion 7
ubuntucve 6
osv 3
oraclelinux 1
centos 2
redhat 2
fedora 2
amazon 1
aix 1
freebsd_advisory 1
altlinux 4
mageia 1
debiancve 1
veracode 6
openssl 1
mariadbunix 1
symantec 1
slackware 1
fortinet 1
cisco 1
checkpoint_advisories 1
nessus
nessus
MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities
2016-03-01 00:00:00
Oracle MySQL 5.5.x < 5.5.48 Multiple DoS
2016-04-15 00:00:00
MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities
2016-03-01 00:00:00
openvas
openvas
Oracle MySQL Multiple Unspecified Vulnerabilities-04 April16 (Windows)
2016-04-25 00:00:00
Oracle MySQL Multiple Unspecified Vulnerabilities-04 May16 (Linux)
2016-05-05 00:00:00
Oracle MySQL Multiple Unspecified Vulnerabilities-06 April16 (Windows)
2016-04-25 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (multiple CVEs)
2018-06-16 21:50:33
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2015-3194, CVE-2015-3195).
2020-07-24 22:19:08
Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Switches (CVE-2015-3194, CVE-2015-3195)
2023-04-14 14:32:25
kaspersky
kaspersky
KLA10794 Multiple vulnerabilities in Oracle MySQL
2016-04-19 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2016-04-19 00:00:00
libressl -- NULL pointer dereference
2015-12-03 00:00:00
openssl -- multiple vulnerabilities
2015-12-03 00:00:00
f5
f5
SOL70204455 - Multiple MySQL vulnerabilities
2016-08-05 00:00:00
K70204455 : Multiple MySQL vulnerabilities
2016-08-05 00:00:00
SOL82205554 - Multiple MySQL vulnerabilities
2016-08-04 00:00:00
debian
debian
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 19:51:35
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 19:51:35
[SECURITY] [DLA 447-1] mysql-5.5 security update
2016-04-30 09:29:15
suse
suse
Security update for mysql-community-server (important)
2016-05-18 14:14:23
Security update for mysql (important)
2016-05-11 18:10:17
Security update for mariadb (important)
2016-06-17 20:08:38
ubuntu
ubuntu
MySQL vulnerabilities
2016-04-21 00:00:00
OpenSSL vulnerabilities
2015-12-07 00:00:00
cve
cve
CVE-2016-0656
2016-04-21 10:59:00
CVE-2016-0654
2016-04-21 10:59:00
CVE-2016-0653
2016-04-21 10:59:00
cloudfoundry
cloudfoundry
USN-2830-1 OpenSSL vulnerability | Cloud Foundry
2016-01-07 00:00:00
prion
prion
Design/Logic Flaw
2016-04-21 10:59:00
Design/Logic Flaw
2016-04-21 10:59:00
Design/Logic Flaw
2016-04-21 10:59:00
ubuntucve
ubuntucve
CVE-2016-0656
2016-04-21 00:00:00
CVE-2016-0654
2016-04-21 00:00:00
CVE-2016-0653
2016-04-21 00:00:00
osv
osv
mysql-5.5 - security update
2016-04-26 00:00:00
openssl - security update
2015-12-04 00:00:00
CVE-2016-3452
2016-07-21 10:12:00
oraclelinux
oraclelinux
mariadb security update
2016-08-11 00:00:00
centos
centos
mariadb security update
2016-08-12 11:27:37
openssl security update
2015-12-14 11:00:46
redhat
redhat
(RHSA-2016:1602) Important: mariadb security update
2016-08-11 12:05:12
(RHSA-2015:2617) Moderate: openssl security update
2015-12-14 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: openssl-1.0.2e-1.fc23
2015-12-06 19:20:38
[SECURITY] Fedora 22 Update: openssl-1.0.1k-13.fc22
2015-12-14 11:54:41
amazon
amazon
Medium: openssl
2015-12-14 10:00:00
aix
aix
Vulnerabilities in OpenSSL impact AIX
2016-01-18 10:47:32
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:26.openssl
2015-12-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1q-alt1
2015-12-17 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1q-alt1
2015-12-17 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1q-alt1
2015-12-17 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2015-12-05 13:03:58
debiancve
debiancve
CVE-2015-3194
2015-12-06 20:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:21
Denial Of Service (DoS)
2019-05-02 05:29:21
Information Disclosure
2019-05-02 05:29:22
openssl
openssl
Vulnerability in OpenSSL CVE-2015-3194
2015-12-03 00:00:00
mariadbunix
mariadbunix
CVE-2016-0650
2016-04-21 10:59:00
symantec
symantec
SA105 : OpenSSL Vulnerabilities 3-Dec-2015
2015-12-10 08:00:00
slackware
slackware
[slackware-security] openssl
2015-12-16 06:25:41
fortinet
fortinet
OpenSSL Advisory - December 2015
2015-12-10 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
2015-12-04 17:38:00
checkpoint_advisories
checkpoint_advisories
OpenSSL RSA PSS Absent Mask Generation Parameter Denial of Service (CVE-2015-3194)
2016-02-17 00:00:00
JSON
Related for MYSQL_5_7_11_RPM.NASL
nessus54openvas31ibm35kaspersky1freebsd3f57debian7suse6ubuntu2cve7cloudfoundry1prion7ubuntucve6osv3oraclelinux1centos2redhat2fedora2amazon1aix1freebsd_advisory1altlinux4mageia1debiancve1veracode6openssl1mariadbunix1symantec1slackware1fortinet1cisco1checkpoint_advisories1