Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20120213_MYSQL_ON_SL5_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : mysql on SL5.x i386/x86_64 (20120213)
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page. (CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0114, CVE-2012-0484, CVE-2012-0490)
These updated packages upgrade MySQL to version 5.0.95. Refer to the MySQL release notes for a full list of changes :
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(61246);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-0075", "CVE-2012-0087", "CVE-2012-0101", "CVE-2012-0102", "CVE-2012-0114", "CVE-2012-0484", "CVE-2012-0490");
script_name(english:"Scientific Linux Security Update : mysql on SL5.x i386/x86_64 (20120213)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"MySQL is a multi-user, multi-threaded SQL database server. It consists
of the MySQL server daemon (mysqld) and many client programs and
libraries.
This update fixes several vulnerabilities in the MySQL database
server. Information about these flaws can be found on the Oracle
Critical Patch Update Advisory page. (CVE-2012-0075, CVE-2012-0087,
CVE-2012-0101, CVE-2012-0102, CVE-2012-0114, CVE-2012-0484,
CVE-2012-0490)
These updated packages upgrade MySQL to version 5.0.95. Refer to the
MySQL release notes for a full list of changes :
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
All MySQL users should upgrade to these updated packages, which
correct these issues. After installing this update, the MySQL server
daemon (mysqld) will be restarted automatically."
);
# http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
script_set_attribute(
attribute:"see_also",
value:"https://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=2333
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ce807d2b"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-test");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2012/02/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"mysql-5.0.95-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"mysql-bench-5.0.95-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"mysql-debuginfo-5.0.95-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"mysql-devel-5.0.95-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"mysql-server-5.0.95-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"mysql-test-5.0.95-1.el5_7.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-debuginfo / mysql-devel / mysql-server / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | mysql | p-cpe:/a:fermilab:scientific_linux:mysql |
| fermilab | scientific_linux | mysql-bench | p-cpe:/a:fermilab:scientific_linux:mysql-bench |
| fermilab | scientific_linux | mysql-debuginfo | p-cpe:/a:fermilab:scientific_linux:mysql-debuginfo |
| fermilab | scientific_linux | mysql-devel | p-cpe:/a:fermilab:scientific_linux:mysql-devel |
| fermilab | scientific_linux | mysql-server | p-cpe:/a:fermilab:scientific_linux:mysql-server |
| fermilab | scientific_linux | mysql-test | p-cpe:/a:fermilab:scientific_linux:mysql-test |
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0490
www.nessus.org/u?ce807d2b
dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
Related
openvas
openvas
CentOS Update for mysql CESA-2012:0127 centos5
2012-07-30 00:00:00
RedHat Update for mysql RHSA-2012:0127-01
2012-02-21 00:00:00
RedHat Update for mysql RHSA-2012:0127-01
2012-02-21 00:00:00
nessus
nessus
MySQL 5.0 < 5.0.95 Multiple Vulnerabilities
2012-01-19 00:00:00
RHEL 5 : mysql (RHSA-2012:0127)
2012-02-14 00:00:00
Oracle Linux 5 : mysql (ELSA-2012-0127)
2013-07-12 00:00:00
oraclelinux
oraclelinux
mysql security update
2012-02-13 00:00:00
mysql security update
2012-02-08 00:00:00
centos
centos
mysql security update
2012-02-14 03:09:41
mysql security update
2012-02-08 21:54:27
redhat
redhat
(RHSA-2012:0127) Moderate: mysql security update
2012-02-13 00:00:00
(RHSA-2012:0105) Important: mysql security update
2012-02-08 00:00:00
suse
suse
Security update for MySQL (important)
2012-08-13 19:08:39
prion
prion
Design/Logic Flaw
2012-01-18 22:55:00
Design/Logic Flaw
2012-01-18 22:55:00
Design/Logic Flaw
2012-01-18 22:55:00
ubuntucve
ubuntucve
cve
cve
amazon
amazon
Important: mysql
2012-02-15 17:18:00
debian
debian
[SECURITY] [DSA 2429-1] mysql-5.1 security update
2012-03-07 20:45:13
veracode
veracode
Information Disclosure
2020-04-10 01:09:43
Denial Of Service (DoS)
2020-04-10 01:09:44
Denial Of Service (DoS)
2020-04-10 01:09:42
f5
f5
K14410 : Multiple MySQL vulnerabilities
2013-09-17 00:00:00
SOL14410 - Multiple MySQL vulnerabilities
2013-05-14 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: mysql-5.5.20-1.fc15
2012-02-12 22:51:41
[SECURITY] Fedora 16 Update: mysql-5.5.20-1.fc16
2012-02-08 22:53:23
ubuntu
ubuntu
MySQL vulnerabilities
2012-03-12 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2012
2012-01-17 00:00:00
securityvulns
securityvulns
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
Related for SL_20120213_MYSQL_ON_SL5_X.NASL