Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20121114_MYSQL_ON_SL6_X.NASLHistoryNov 16, 2012 - 12:00 a.m.
Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20121114)
2012-11-1600:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages. (CVE-2012-1688, CVE-2012-1690, CVE-2012-1703, CVE-2012-2749, CVE-2012-0540, CVE-2012-1689, CVE-2012-1734, CVE-2012-3163, CVE-2012-3158, CVE-2012-3177, CVE-2012-3166, CVE-2012-3173, CVE-2012-3150, CVE-2012-3180, CVE-2012-3167, CVE-2012-3197, CVE-2012-3160)
These updated packages upgrade MySQL to version 5.1.66. Refer to the MySQL release notes for a full list of changes.
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(62934);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-0540", "CVE-2012-1688", "CVE-2012-1689", "CVE-2012-1690", "CVE-2012-1703", "CVE-2012-1734", "CVE-2012-2749", "CVE-2012-3150", "CVE-2012-3158", "CVE-2012-3160", "CVE-2012-3163", "CVE-2012-3166", "CVE-2012-3167", "CVE-2012-3173", "CVE-2012-3177", "CVE-2012-3180", "CVE-2012-3197");
script_name(english:"Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20121114)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes several vulnerabilities in the MySQL database
server. Information about these flaws can be found on the Oracle
Critical Patch Update Advisory pages. (CVE-2012-1688, CVE-2012-1690,
CVE-2012-1703, CVE-2012-2749, CVE-2012-0540, CVE-2012-1689,
CVE-2012-1734, CVE-2012-3163, CVE-2012-3158, CVE-2012-3177,
CVE-2012-3166, CVE-2012-3173, CVE-2012-3150, CVE-2012-3180,
CVE-2012-3167, CVE-2012-3197, CVE-2012-3160)
These updated packages upgrade MySQL to version 5.1.66. Refer to the
MySQL release notes for a full list of changes.
After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1211&L=scientific-linux-errata&T=0&P=1447
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b731225b"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-embedded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-embedded-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-test");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/03");
script_set_attribute(attribute:"patch_publication_date", value:"2012/11/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/16");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"mysql-5.1.66-1.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-bench-5.1.66-1.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-devel-5.1.66-1.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-embedded-5.1.66-1.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-embedded-devel-5.1.66-1.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-libs-5.1.66-1.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-server-5.1.66-1.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-test-5.1.66-1.el6_3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-embedded / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | mysql | p-cpe:/a:fermilab:scientific_linux:mysql |
| fermilab | scientific_linux | mysql-bench | p-cpe:/a:fermilab:scientific_linux:mysql-bench |
| fermilab | scientific_linux | mysql-devel | p-cpe:/a:fermilab:scientific_linux:mysql-devel |
| fermilab | scientific_linux | mysql-embedded | p-cpe:/a:fermilab:scientific_linux:mysql-embedded |
| fermilab | scientific_linux | mysql-embedded-devel | p-cpe:/a:fermilab:scientific_linux:mysql-embedded-devel |
| fermilab | scientific_linux | mysql-libs | p-cpe:/a:fermilab:scientific_linux:mysql-libs |
| fermilab | scientific_linux | mysql-server | p-cpe:/a:fermilab:scientific_linux:mysql-server |
| fermilab | scientific_linux | mysql-test | p-cpe:/a:fermilab:scientific_linux:mysql-test |
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0540
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3150
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3158
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3173
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3177
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3197
www.nessus.org/u?b731225b
Related
nessus
nessus
Oracle Linux 6 : mysql (ELSA-2012-1462)
2013-07-12 00:00:00
CentOS 6 : mysql (CESA-2012:1462)
2012-11-15 00:00:00
RHEL 6 : mysql (RHSA-2012:1462)
2012-11-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:41:00
Denial Of Service (DoS)
2019-05-02 04:41:01
Denial Of Service (DoS)
2019-05-02 04:40:59
openvas
openvas
CentOS Update for mysql CESA-2012:1462 centos6
2012-11-15 00:00:00
CentOS Update for mysql CESA-2012:1462 centos6
2012-11-15 00:00:00
RedHat Update for mysql RHSA-2012:1462-01
2012-11-15 00:00:00
oraclelinux
oraclelinux
mysql security update
2012-11-14 00:00:00
mysql security update
2013-01-22 00:00:00
redhat
redhat
(RHSA-2012:1462) Important: mysql security update
2012-11-14 00:00:00
(RHSA-2013:0180) Important: mysql security update
2013-01-22 00:00:00
centos
centos
mysql security update
2012-11-15 03:44:02
mysql security update
2013-01-22 21:34:28
debian
debian
[SECURITY] [DSA 2581-1] mysql-5.1 security update
2012-12-04 07:02:14
[SECURITY] [DSA 2496-1] mysql-5.1 security update
2012-06-18 20:38:29
ubuntu
ubuntu
MySQL vulnerabilities
2012-11-05 00:00:00
prion
prion
Design/Logic Flaw
2012-05-03 22:55:00
Design/Logic Flaw
2012-05-03 22:55:00
Design/Logic Flaw
2012-10-16 23:55:00
cve
cve
ubuntucve
ubuntucve
f5
f5
K14907 : MySQL Server vulnerability CVE-2012-3163
2014-07-08 00:00:00
SOL14907 - MySQL Server vulnerability CVE-2012-3163
2014-01-14 00:00:00
amazon
amazon
Important: mysql51
2012-11-20 06:26:00
seebug
seebug
Oracle MySQL 5.1.x 拒绝服务漏洞
2012-08-23 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2012
2012-10-16 00:00:00
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
Oracle Critical Patch Update - April 2012
2012-07-19 00:00:00
securityvulns
securityvulns
Related for SL_20121114_MYSQL_ON_SL6_X.NASL