7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
0.118 Low
EPSS
Percentile
95.4%
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE:
as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. (CVE-2012-4414)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory mysql. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(198654);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id(
"CVE-2012-4414",
"CVE-2012-5627",
"CVE-2015-3152",
"CVE-2015-4819",
"CVE-2016-0502",
"CVE-2016-0505",
"CVE-2016-0546",
"CVE-2016-0596",
"CVE-2016-0597",
"CVE-2016-0598",
"CVE-2016-0600",
"CVE-2016-0606",
"CVE-2016-0608",
"CVE-2016-0609",
"CVE-2016-0616",
"CVE-2016-2047",
"CVE-2016-5483",
"CVE-2016-5616",
"CVE-2016-5617",
"CVE-2016-6663",
"CVE-2016-6664",
"CVE-2017-3265",
"CVE-2017-3291",
"CVE-2017-3302",
"CVE-2017-3308",
"CVE-2017-3309",
"CVE-2017-3312",
"CVE-2017-3453",
"CVE-2017-3461",
"CVE-2017-3462",
"CVE-2017-3463",
"CVE-2017-3464",
"CVE-2017-3600",
"CVE-2017-3636",
"CVE-2017-3641",
"CVE-2017-3648",
"CVE-2017-3651",
"CVE-2017-3652",
"CVE-2017-3653",
"CVE-2017-10268",
"CVE-2017-10379",
"CVE-2018-2562",
"CVE-2018-2622",
"CVE-2018-2640",
"CVE-2018-2665",
"CVE-2018-2668",
"CVE-2018-2755",
"CVE-2018-2761",
"CVE-2018-2771",
"CVE-2018-2773",
"CVE-2018-2781",
"CVE-2018-2813",
"CVE-2018-2817",
"CVE-2018-2818",
"CVE-2018-2819",
"CVE-2018-3058",
"CVE-2018-3063",
"CVE-2018-3066",
"CVE-2018-3081",
"CVE-2018-3123",
"CVE-2018-3133",
"CVE-2018-3174",
"CVE-2018-3282",
"CVE-2019-2455",
"CVE-2019-2481",
"CVE-2019-2627",
"CVE-2019-2683",
"CVE-2019-2730",
"CVE-2019-2737",
"CVE-2019-2738",
"CVE-2019-2739",
"CVE-2019-2740",
"CVE-2019-2805",
"CVE-2020-2574",
"CVE-2020-2579",
"CVE-2020-2780",
"CVE-2020-14550"
);
script_name(english:"RHEL 6 : mysql (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
- mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
- Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and
MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow
remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE:
as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29
is incomplete. (CVE-2012-4414)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2562");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-2755");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-galera");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'mariadb-galera', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'mariadb-galera', 'cves':['CVE-2015-3152', 'CVE-2015-4819', 'CVE-2016-0505', 'CVE-2016-0546', 'CVE-2016-0596', 'CVE-2016-0597', 'CVE-2016-0598', 'CVE-2016-0600', 'CVE-2016-0606', 'CVE-2016-0608', 'CVE-2016-0609', 'CVE-2016-0616', 'CVE-2016-2047', 'CVE-2016-5483', 'CVE-2016-5616', 'CVE-2016-5617', 'CVE-2016-6663', 'CVE-2016-6664', 'CVE-2017-3265', 'CVE-2017-3291', 'CVE-2017-3308', 'CVE-2017-3309', 'CVE-2017-3312', 'CVE-2017-3453', 'CVE-2017-3464', 'CVE-2017-3600']},
{'reference':'mysql', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'mysql', 'cves':['CVE-2012-4414', 'CVE-2012-5627', 'CVE-2015-3152', 'CVE-2015-4819', 'CVE-2016-0502', 'CVE-2016-0505', 'CVE-2016-0546', 'CVE-2016-0596', 'CVE-2016-0597', 'CVE-2016-0598', 'CVE-2016-0600', 'CVE-2016-0606', 'CVE-2016-0608', 'CVE-2016-0609', 'CVE-2016-0616', 'CVE-2016-2047', 'CVE-2016-5483', 'CVE-2016-5617', 'CVE-2016-6664', 'CVE-2017-3265', 'CVE-2017-3291', 'CVE-2017-3302', 'CVE-2017-3308', 'CVE-2017-3309', 'CVE-2017-3312', 'CVE-2017-3453', 'CVE-2017-3461', 'CVE-2017-3462', 'CVE-2017-3463', 'CVE-2017-3464', 'CVE-2017-3600', 'CVE-2017-3636', 'CVE-2017-3641', 'CVE-2017-3648', 'CVE-2017-3651', 'CVE-2017-3652', 'CVE-2017-3653', 'CVE-2017-10268', 'CVE-2017-10379', 'CVE-2018-2562', 'CVE-2018-2622', 'CVE-2018-2640', 'CVE-2018-2665', 'CVE-2018-2668', 'CVE-2018-2755', 'CVE-2018-2761', 'CVE-2018-2771', 'CVE-2018-2773', 'CVE-2018-2781', 'CVE-2018-2813', 'CVE-2018-2817', 'CVE-2018-2818', 'CVE-2018-2819', 'CVE-2018-3058', 'CVE-2018-3063', 'CVE-2018-3066', 'CVE-2018-3081', 'CVE-2018-3123', 'CVE-2018-3133', 'CVE-2018-3174', 'CVE-2018-3282', 'CVE-2019-2455', 'CVE-2019-2481', 'CVE-2019-2627', 'CVE-2019-2683', 'CVE-2019-2730', 'CVE-2019-2737', 'CVE-2019-2738', 'CVE-2019-2739', 'CVE-2019-2740', 'CVE-2019-2805', 'CVE-2020-2574', 'CVE-2020-2579', 'CVE-2020-2780', 'CVE-2020-14550']}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mariadb-galera / mysql');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | mysql | p-cpe:/a:redhat:enterprise_linux:mysql |
redhat | enterprise_linux | mariadb-galera | p-cpe:/a:redhat:enterprise_linux:mariadb-galera |
redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0608
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3265
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3312
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2683
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2730
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2738
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2739
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14550
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2579
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2780
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
0.118 Low
EPSS
Percentile
95.4%