Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED_MYSQL-RHEL6.NASL
HistoryJun 03, 2024 - 12:00 a.m.

RHEL 6 : mysql (Unpatched Vulnerability)

2024-06-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
rhel 6
mysql
unpatched
vulnerability
multiple
cves
sql injection
redhat enterprise linux
nessus
package manager

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

Low

0.118 Low

EPSS

Percentile

95.4%

JSON

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  • Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE:
    as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. (CVE-2012-4414)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory mysql. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(198654);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");

  script_cve_id(
    "CVE-2012-4414",
    "CVE-2012-5627",
    "CVE-2015-3152",
    "CVE-2015-4819",
    "CVE-2016-0502",
    "CVE-2016-0505",
    "CVE-2016-0546",
    "CVE-2016-0596",
    "CVE-2016-0597",
    "CVE-2016-0598",
    "CVE-2016-0600",
    "CVE-2016-0606",
    "CVE-2016-0608",
    "CVE-2016-0609",
    "CVE-2016-0616",
    "CVE-2016-2047",
    "CVE-2016-5483",
    "CVE-2016-5616",
    "CVE-2016-5617",
    "CVE-2016-6663",
    "CVE-2016-6664",
    "CVE-2017-3265",
    "CVE-2017-3291",
    "CVE-2017-3302",
    "CVE-2017-3308",
    "CVE-2017-3309",
    "CVE-2017-3312",
    "CVE-2017-3453",
    "CVE-2017-3461",
    "CVE-2017-3462",
    "CVE-2017-3463",
    "CVE-2017-3464",
    "CVE-2017-3600",
    "CVE-2017-3636",
    "CVE-2017-3641",
    "CVE-2017-3648",
    "CVE-2017-3651",
    "CVE-2017-3652",
    "CVE-2017-3653",
    "CVE-2017-10268",
    "CVE-2017-10379",
    "CVE-2018-2562",
    "CVE-2018-2622",
    "CVE-2018-2640",
    "CVE-2018-2665",
    "CVE-2018-2668",
    "CVE-2018-2755",
    "CVE-2018-2761",
    "CVE-2018-2771",
    "CVE-2018-2773",
    "CVE-2018-2781",
    "CVE-2018-2813",
    "CVE-2018-2817",
    "CVE-2018-2818",
    "CVE-2018-2819",
    "CVE-2018-3058",
    "CVE-2018-3063",
    "CVE-2018-3066",
    "CVE-2018-3081",
    "CVE-2018-3123",
    "CVE-2018-3133",
    "CVE-2018-3174",
    "CVE-2018-3282",
    "CVE-2019-2455",
    "CVE-2019-2481",
    "CVE-2019-2627",
    "CVE-2019-2683",
    "CVE-2019-2730",
    "CVE-2019-2737",
    "CVE-2019-2738",
    "CVE-2019-2739",
    "CVE-2019-2740",
    "CVE-2019-2805",
    "CVE-2020-2574",
    "CVE-2020-2579",
    "CVE-2020-2780",
    "CVE-2020-14550"
  );

  script_name(english:"RHEL 6 : mysql (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)

  - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  - Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and
    MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow
    remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE:
    as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29
    is incomplete. (CVE-2012-4414)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2562");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-2755");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-galera");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'mariadb-galera', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'mariadb-galera', 'cves':['CVE-2015-3152', 'CVE-2015-4819', 'CVE-2016-0505', 'CVE-2016-0546', 'CVE-2016-0596', 'CVE-2016-0597', 'CVE-2016-0598', 'CVE-2016-0600', 'CVE-2016-0606', 'CVE-2016-0608', 'CVE-2016-0609', 'CVE-2016-0616', 'CVE-2016-2047', 'CVE-2016-5483', 'CVE-2016-5616', 'CVE-2016-5617', 'CVE-2016-6663', 'CVE-2016-6664', 'CVE-2017-3265', 'CVE-2017-3291', 'CVE-2017-3308', 'CVE-2017-3309', 'CVE-2017-3312', 'CVE-2017-3453', 'CVE-2017-3464', 'CVE-2017-3600']},
      {'reference':'mysql', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'mysql', 'cves':['CVE-2012-4414', 'CVE-2012-5627', 'CVE-2015-3152', 'CVE-2015-4819', 'CVE-2016-0502', 'CVE-2016-0505', 'CVE-2016-0546', 'CVE-2016-0596', 'CVE-2016-0597', 'CVE-2016-0598', 'CVE-2016-0600', 'CVE-2016-0606', 'CVE-2016-0608', 'CVE-2016-0609', 'CVE-2016-0616', 'CVE-2016-2047', 'CVE-2016-5483', 'CVE-2016-5617', 'CVE-2016-6664', 'CVE-2017-3265', 'CVE-2017-3291', 'CVE-2017-3302', 'CVE-2017-3308', 'CVE-2017-3309', 'CVE-2017-3312', 'CVE-2017-3453', 'CVE-2017-3461', 'CVE-2017-3462', 'CVE-2017-3463', 'CVE-2017-3464', 'CVE-2017-3600', 'CVE-2017-3636', 'CVE-2017-3641', 'CVE-2017-3648', 'CVE-2017-3651', 'CVE-2017-3652', 'CVE-2017-3653', 'CVE-2017-10268', 'CVE-2017-10379', 'CVE-2018-2562', 'CVE-2018-2622', 'CVE-2018-2640', 'CVE-2018-2665', 'CVE-2018-2668', 'CVE-2018-2755', 'CVE-2018-2761', 'CVE-2018-2771', 'CVE-2018-2773', 'CVE-2018-2781', 'CVE-2018-2813', 'CVE-2018-2817', 'CVE-2018-2818', 'CVE-2018-2819', 'CVE-2018-3058', 'CVE-2018-3063', 'CVE-2018-3066', 'CVE-2018-3081', 'CVE-2018-3123', 'CVE-2018-3133', 'CVE-2018-3174', 'CVE-2018-3282', 'CVE-2019-2455', 'CVE-2019-2481', 'CVE-2019-2627', 'CVE-2019-2683', 'CVE-2019-2730', 'CVE-2019-2737', 'CVE-2019-2738', 'CVE-2019-2739', 'CVE-2019-2740', 'CVE-2019-2805', 'CVE-2020-2574', 'CVE-2020-2579', 'CVE-2020-2780', 'CVE-2020-14550']}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mariadb-galera / mysql');
}
VendorProductVersionCPE
redhatenterprise_linuxmysqlp-cpe:/a:redhat:enterprise_linux:mysql
redhatenterprise_linuxmariadb-galerap-cpe:/a:redhat:enterprise_linux:mariadb-galera
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6

References

Related

nessus 75
openvas 57
debian 23
ibm 3
f5 1
redhat 4
centos 2
amazon 5
kaspersky 1
oraclelinux 2
osv 11
ubuntu 3
suse 4
fedora 5
mageia 1
altlinux 1
slackware 1
nessus
nessus
RHEL 5 : mysql (Unpatched Vulnerability)
2024-06-03 00:00:00
Debian DSA-3459-1 : mysql-5.5 - security update
2016-01-29 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)
2019-08-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3459-1)
2016-01-27 00:00:00
Debian Security Advisory DSA 3453-1 (mariadb-10.0 - security update)
2016-01-25 00:00:00
Debian Security Advisory DSA 3459-1 (mysql-5.5 - security update)
2016-01-28 00:00:00
debian
debian
[SECURITY] [DSA 3459-1] mysql-5.5 security update
2016-01-28 19:04:02
[SECURITY] [DSA 3453-1] mariadb-10.0 security update
2016-01-25 20:41:01
[SECURITY] [DLA 409-1] mysql-5.5 security update
2016-02-01 08:31:58
ibm
ibm
Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
2018-12-17 14:30:02
Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
2018-06-18 01:38:06
Security Bulletin: IBM Security Guardium is affected by OpenSource Oracle MySQL Vulnerability (multiple CVEs)
2018-06-16 21:40:13
f5
f5
K77508618 : Multiple Oracle MySQL vulnerabilities
2017-05-06 00:00:00
redhat
redhat
(RHSA-2018:2439) Moderate: mariadb security and bug fix update
2018-08-16 12:46:48
(RHSA-2018:2729) Moderate: Red Hat Enterprise Linux OpenStack Platform security update
2018-09-19 17:36:53
(RHSA-2017:2192) Moderate: mariadb security and bug fix update
2017-08-01 05:58:44
centos
centos
mariadb security update
2018-08-21 01:08:00
mariadb security update
2017-08-24 01:39:47
amazon
amazon
Medium: mariadb
2018-09-12 22:57:00
Medium: mysql55
2018-05-25 18:26:00
Medium: mysql55
2017-05-19 00:27:00
kaspersky
kaspersky
KLA10749 Multiple vulnerabilities in MariaDB
2016-01-27 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2018-08-16 00:00:00
mariadb security and bug fix update
2017-08-07 00:00:00
osv
osv
mysql-5.5 - security update
2018-04-19 00:00:00
mysql-5.5 - security update
2018-04-20 00:00:00
mariadb-10.0 - security update
2018-06-29 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2018-04-25 00:00:00
MySQL vulnerabilities
2017-07-24 00:00:00
MySQL vulnerabilities
2018-01-25 00:00:00
suse
suse
Security update for mysql (important)
2017-04-28 21:13:58
Security update for mariadb (important)
2018-03-17 18:08:54
Security update for mariadb (important)
2018-03-15 21:07:15
fedora
fedora
[SECURITY] Fedora 25 Update: community-mysql-5.7.18-2.fc25
2017-04-29 01:50:21
[SECURITY] Fedora 26 Update: community-mysql-5.7.18-2.fc26
2017-04-28 14:36:49
[SECURITY] Fedora 24 Update: community-mysql-5.7.18-2.fc24
2017-04-29 01:18:25
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2018-06-04 18:11:47
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.33-alt1
2018-05-23 00:00:00
slackware
slackware
[slackware-security] mariadb
2019-08-01 21:55:27

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

Low

0.118 Low

EPSS

Percentile

95.4%

JSON
Related for REDHAT_UNPATCHED_MYSQL-RHEL6.NASL
nessus75openvas57debian23ibm3f51redhat4centos2amazon5kaspersky1oraclelinux2osv11ubuntu3suse4fedora5mageia1altlinux1slackware1