Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2018-3655.NASL
HistoryApr 27, 2024 - 12:00 a.m.

RHEL 6 / 7 : rh-mysql57-mysql (RHSA-2018:3655)

2024-04-2700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
redhat enterprise linux
rhel 6
rhel 7
rh-mysql57-mysql
rhsa-2018:3655
mysql
server replication
security privileges
innodb
client programs
pluggable auth
locking
pid file
group replication gcs
ddl
dml
performance schema
myisam
memcached
options
client mysqldump
audit log
parser
security audit
partition
init script
optimizer
merge
rbr
storage engines
logging
nessus
vulnerabilities

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3655 advisory.

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018) (CVE-2018-2758, CVE-2018-2818)

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2819)

  • mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

  • mysql: Server: Connection unspecified vulnerability (CPU Apr 2018) (CVE-2018-2762)

  • mysql: Server: Pluggable Auth unspecified vulnerability (CPU Apr 2018) (CVE-2018-2769)

  • mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

  • mysql: pid file can be created in a world-writeable directory (CPU Apr 2018) (CVE-2018-2773)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2812, CVE-2018-2816)

  • mysql: Group Replication GCS unspecified vulnerability (CPU Apr 2018) (CVE-2018-2776)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813, CVE-2018-2817)

  • mysql: Server: DML unspecified vulnerability (CPU Apr 2018) (CVE-2018-2839)

  • mysql: Server: Performance Schema unspecified vulnerability (CPU Apr 2018) (CVE-2018-2846)

  • mysql: Server: DDL unspecified vulnerability (CPU Jul 2018) (CVE-2018-3054, CVE-2018-3077)

  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3056)

  • mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)

  • mysql: InnoDB unspecified vulnerability (CPU Jul 2018) (CVE-2018-3060, CVE-2018-3064)

  • mysql: Server: DML unspecified vulnerability (CPU Jul 2018) (CVE-2018-3061, CVE-2018-3065)

  • mysql: Server: Memcached unspecified vulnerability (CPU Jul 2018) (CVE-2018-3062)

  • mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)

  • mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018) (CVE-2018-3070)

  • mysql: Audit Log unspecified vulnerability (CPU Jul 2018) (CVE-2018-3071)

  • mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)

  • mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) (CVE-2018-3133, CVE-2018-3155)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2018) (CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3284)

  • mysql: Server: Security: Audit unspecified vulnerability (CPU Oct 2018) (CVE-2018-3144)

  • mysql: Server: Partition unspecified vulnerability (CPU Oct 2018) (CVE-2018-3161, CVE-2018-3171)

  • mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) (CVE-2018-3174)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2018) (CVE-2018-3187)

  • mysql: Server: Merge unspecified vulnerability (CPU Oct 2018) (CVE-2018-3247)

  • mysql: Server: Memcached unspecified vulnerability (CPU Oct 2018) (CVE-2018-3276)

  • mysql: Server: RBR unspecified vulnerability (CPU Oct 2018) (CVE-2018-3278)

  • mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)

  • mysql: Server: Logging unspecified vulnerability (CPU Oct 2018) (CVE-2018-3283)

  • mysql: Server: Replication unspecified vulnerability (CPU Jul 2019) (CVE-2019-2731)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:3655. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(194018);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");

  script_cve_id(
    "CVE-2018-2755",
    "CVE-2018-2758",
    "CVE-2018-2759",
    "CVE-2018-2761",
    "CVE-2018-2762",
    "CVE-2018-2766",
    "CVE-2018-2769",
    "CVE-2018-2771",
    "CVE-2018-2773",
    "CVE-2018-2775",
    "CVE-2018-2776",
    "CVE-2018-2777",
    "CVE-2018-2778",
    "CVE-2018-2779",
    "CVE-2018-2780",
    "CVE-2018-2781",
    "CVE-2018-2782",
    "CVE-2018-2784",
    "CVE-2018-2786",
    "CVE-2018-2787",
    "CVE-2018-2810",
    "CVE-2018-2812",
    "CVE-2018-2813",
    "CVE-2018-2816",
    "CVE-2018-2817",
    "CVE-2018-2818",
    "CVE-2018-2819",
    "CVE-2018-2839",
    "CVE-2018-2846",
    "CVE-2018-3054",
    "CVE-2018-3056",
    "CVE-2018-3058",
    "CVE-2018-3060",
    "CVE-2018-3061",
    "CVE-2018-3062",
    "CVE-2018-3064",
    "CVE-2018-3065",
    "CVE-2018-3066",
    "CVE-2018-3070",
    "CVE-2018-3071",
    "CVE-2018-3077",
    "CVE-2018-3081",
    "CVE-2018-3133",
    "CVE-2018-3143",
    "CVE-2018-3144",
    "CVE-2018-3155",
    "CVE-2018-3156",
    "CVE-2018-3161",
    "CVE-2018-3162",
    "CVE-2018-3171",
    "CVE-2018-3173",
    "CVE-2018-3174",
    "CVE-2018-3185",
    "CVE-2018-3187",
    "CVE-2018-3200",
    "CVE-2018-3247",
    "CVE-2018-3251",
    "CVE-2018-3276",
    "CVE-2018-3277",
    "CVE-2018-3278",
    "CVE-2018-3282",
    "CVE-2018-3283",
    "CVE-2018-3284",
    "CVE-2019-2731"
  );
  script_xref(name:"RHSA", value:"2018:3655");

  script_name(english:"RHEL 6 / 7 : rh-mysql57-mysql (RHSA-2018:3655)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for rh-mysql57-mysql.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2018:3655 advisory.

  - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018) (CVE-2018-2758,
    CVE-2018-2818)

  - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2759, CVE-2018-2766, CVE-2018-2777,
    CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2819)

  - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

  - mysql: Server: Connection unspecified vulnerability (CPU Apr 2018) (CVE-2018-2762)

  - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Apr 2018) (CVE-2018-2769)

  - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

  - mysql: pid file can be created in a world-writeable directory (CPU Apr 2018) (CVE-2018-2773)

  - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2775, CVE-2018-2778,
    CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2812, CVE-2018-2816)

  - mysql: Group Replication GCS unspecified vulnerability (CPU Apr 2018) (CVE-2018-2776)

  - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813, CVE-2018-2817)

  - mysql: Server: DML unspecified vulnerability (CPU Apr 2018) (CVE-2018-2839)

  - mysql: Server: Performance Schema unspecified vulnerability (CPU Apr 2018) (CVE-2018-2846)

  - mysql: Server: DDL unspecified vulnerability (CPU Jul 2018) (CVE-2018-3054, CVE-2018-3077)

  - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3056)

  - mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)

  - mysql: InnoDB unspecified vulnerability (CPU Jul 2018) (CVE-2018-3060, CVE-2018-3064)

  - mysql: Server: DML unspecified vulnerability (CPU Jul 2018) (CVE-2018-3061, CVE-2018-3065)

  - mysql: Server: Memcached unspecified vulnerability (CPU Jul 2018) (CVE-2018-3062)

  - mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)

  - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018) (CVE-2018-3070)

  - mysql: Audit Log unspecified vulnerability (CPU Jul 2018) (CVE-2018-3071)

  - mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)

  - mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) (CVE-2018-3133, CVE-2018-3155)

  - mysql: InnoDB unspecified vulnerability (CPU Oct 2018) (CVE-2018-3143, CVE-2018-3156, CVE-2018-3162,
    CVE-2018-3173, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3284)

  - mysql: Server: Security: Audit unspecified vulnerability (CPU Oct 2018) (CVE-2018-3144)

  - mysql: Server: Partition unspecified vulnerability (CPU Oct 2018) (CVE-2018-3161, CVE-2018-3171)

  - mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct
    2018) (CVE-2018-3174)

  - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2018) (CVE-2018-3187)

  - mysql: Server: Merge unspecified vulnerability (CPU Oct 2018) (CVE-2018-3247)

  - mysql: Server: Memcached unspecified vulnerability (CPU Oct 2018) (CVE-2018-3276)

  - mysql: Server: RBR unspecified vulnerability (CPU Oct 2018) (CVE-2018-3278)

  - mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)

  - mysql: Server: Logging unspecified vulnerability (CPU Oct 2018) (CVE-2018-3283)

  - mysql: Server: Replication unspecified vulnerability (CPU Jul 2019) (CVE-2019-2731)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568921");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568922");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568923");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568924");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568925");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568926");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568927");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568931");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568932");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568934");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568936");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568937");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568938");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568940");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568941");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568942");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568943");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568944");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568945");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568946");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568949");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568950");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568951");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568953");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568954");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568955");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568956");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568957");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568958");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602354");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602355");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602356");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602357");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602359");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602360");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602364");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602365");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602366");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602369");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602370");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602375");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602424");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640307");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640308");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640310");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640312");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640316");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640317");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640318");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640319");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640320");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640321");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640322");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640324");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640325");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640326");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640331");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640332");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640333");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640334");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640335");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640337");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640340");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_3655.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?36699e48");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3655");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL rh-mysql57-mysql package based on the guidance in RHSA-2018:3655.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2731");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-2755");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(121);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-errmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-test");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['6','7'])) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/debug',
      'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/os',
      'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/source/SRPMS',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/debug',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/os',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'rh-mysql57-mysql-5.7.24-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-common-5.7.24-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-config-5.7.24-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-devel-5.7.24-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-errmsg-5.7.24-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-server-5.7.24-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-test-5.7.24-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',
      'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',
      'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'rh-mysql57-mysql-5.7.24-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-common-5.7.24-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-config-5.7.24-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-devel-5.7.24-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-errmsg-5.7.24-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-server-5.7.24-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rh-mysql57-mysql-test-5.7.24-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-mysql57-mysql / rh-mysql57-mysql-common / etc');
}
VendorProductVersionCPE
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linuxrh-mysql57-mysqlp-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql
redhatenterprise_linuxrh-mysql57-mysql-commonp-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-common
redhatenterprise_linuxrh-mysql57-mysql-configp-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-config
redhatenterprise_linuxrh-mysql57-mysql-develp-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-devel
redhatenterprise_linuxrh-mysql57-mysql-errmsgp-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-errmsg
redhatenterprise_linuxrh-mysql57-mysql-serverp-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-server
redhatenterprise_linuxrh-mysql57-mysql-testp-cpe:/a:redhat:enterprise_linux:rh-mysql57-mysql-test

References

Related

fedora 18
redhat 3
openvas 55
nessus 74
ubuntu 5
amazon 7
freebsd 2
ibm 3
gentoo 1
rosalinux 1
suse 4
mageia 2
osv 5
debian 7
altlinux 2
slackware 2
photon 3
f5 5
fedora
fedora
[SECURITY] Fedora 28 Update: community-mysql-5.7.24-1.fc28
2018-11-27 17:13:25
[SECURITY] Fedora 28 Update: mariadb-10.2.19-1.fc28
2018-11-19 01:53:27
[SECURITY] Fedora 28 Update: community-mysql-5.7.23-1.fc28
2018-09-11 17:01:28
redhat
redhat
(RHSA-2018:3655) Moderate: rh-mysql57-mysql security update
2018-11-26 11:40:40
(RHSA-2018:1254) Moderate: rh-mysql56-mysql security update
2018-04-26 06:59:23
(RHSA-2019:1258) Moderate: rh-mariadb102-mariadb and rh-mariadb102-galera security and bug fix update
2019-05-21 19:37:40
openvas
openvas
Fedora Update for community-mysql FEDORA-2018-b4820696e1
2018-12-04 00:00:00
Ubuntu: Security Advisory (USN-3629-3)
2018-05-08 00:00:00
Ubuntu: Security Advisory (USN-3799-1)
2018-10-24 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : MySQL vulnerabilities (USN-3629-1)
2018-04-24 00:00:00
Amazon Linux AMI : mysql57 (ALAS-2018-1026)
2018-05-30 00:00:00
MySQL 5.7.x < 5.7.22 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)
2018-04-19 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2018-04-30 00:00:00
MySQL vulnerabilities
2018-10-23 00:00:00
MySQL vulnerabilities
2018-04-23 00:00:00
amazon
amazon
Medium: mysql57
2018-05-25 18:22:00
Medium: mysql57
2018-12-06 00:36:00
Medium: mysql56
2018-05-25 18:26:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2018-04-17 00:00:00
MySQL -- multiple vulnerabilities
2018-10-16 00:00:00
ibm
ibm
Security Bulletin: Multiple security vulnerabilities has been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.
2023-06-28 22:03:38
Security Bulletin: Multiple security vulnerabilities have been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.
2023-06-28 22:08:36
Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL
2019-03-06 20:10:01
gentoo
gentoo
MariaDB, MySQL: Multiple vulnerabilities
2019-08-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2251
2023-10-21 14:46:06
suse
suse
Security update for mariadb (moderate)
2018-06-08 00:11:54
Security update for mariadb (important)
2018-06-23 03:12:07
Security update for mysql-community-server (important)
2018-10-26 00:18:04
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2018-05-29 22:41:14
Updated mariadb packages fix security vulnerabilities
2018-11-27 18:26:11
osv
osv
mysql-5.5 - security update
2018-04-20 00:00:00
mysql-5.5 - security update
2018-04-19 00:00:00
mariadb-10.1 - security update
2018-11-19 00:00:00
debian
debian
[SECURITY] [DSA 4176-1] mysql-5.5 security update
2018-04-20 08:34:15
[SECURITY] [DSA 4176-1] mysql-5.5 security update
2018-04-20 08:34:15
[SECURITY] [DLA 1355-1] mysql-5.5 security update
2018-04-19 17:29:05
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.3.11-alt1
2018-11-28 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.33-alt1
2018-05-23 00:00:00
slackware
slackware
[slackware-security] mariadb
2018-05-10 21:14:32
[slackware-security] mariadb
2018-11-06 04:16:18
photon
photon
Important Photon OS Security Update - PHSA-2018-0040
2018-04-30 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0040
2018-04-30 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0079
2018-08-01 00:00:00
f5
f5
K03551138 : MySQL vulnerabilities CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839, and CVE-2018-2846
2018-04-24 00:00:00
K71231825 : Multiple MySQL vulnerabilities
2018-04-24 00:00:00
K02212309 : MySQL vulnerabilities CVE-2018-2755, CVE-2018-2758, CVE-2018-2759, CVE-2018-2761, and CVE-2018-2762
2018-04-24 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.3%

JSON
Related for REDHAT-RHSA-2018-3655.NASL
fedora18redhat3openvas55nessus74ubuntu5amazon7freebsd2ibm3gentoo1rosalinux1suse4mageia2osv5debian7altlinux2slackware2photon3f55