Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20121207)

2012-12-0900:00:00

www.tenable.com

A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon.
(CVE-2012-5611)

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(63192);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-5611");

  script_name(english:"Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20121207)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A stack-based buffer overflow flaw was found in the user permission
checking code in MySQL. An authenticated database user could use this
flaw to crash the mysqld daemon or, potentially, execute arbitrary
code with the privileges of the user running the mysqld daemon.
(CVE-2012-5611)

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1212&L=scientific-linux-errata&T=0&P=557
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4b1dc346"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-test");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"mysql-5.1.66-2.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-bench-5.1.66-2.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-debuginfo-5.1.66-2.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-devel-5.1.66-2.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-embedded-5.1.66-2.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-embedded-devel-5.1.66-2.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-libs-5.1.66-2.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-server-5.1.66-2.el6_3")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-test-5.1.66-2.el6_3")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-debuginfo / mysql-devel / etc");
}

VendorProductVersionCPE
fermilabscientific_linuxmysqlp-cpe:/a:fermilab:scientific_linux:mysql
fermilabscientific_linuxmysql-benchp-cpe:/a:fermilab:scientific_linux:mysql-bench
fermilabscientific_linuxmysql-debuginfop-cpe:/a:fermilab:scientific_linux:mysql-debuginfo
fermilabscientific_linuxmysql-develp-cpe:/a:fermilab:scientific_linux:mysql-devel
fermilabscientific_linuxmysql-embeddedp-cpe:/a:fermilab:scientific_linux:mysql-embedded
fermilabscientific_linuxmysql-embedded-develp-cpe:/a:fermilab:scientific_linux:mysql-embedded-devel
fermilabscientific_linuxmysql-libsp-cpe:/a:fermilab:scientific_linux:mysql-libs
fermilabscientific_linuxmysql-serverp-cpe:/a:fermilab:scientific_linux:mysql-server
fermilabscientific_linuxmysql-testp-cpe:/a:fermilab:scientific_linux:mysql-test
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Vendor	Product	Version	CPE
fermilab	scientific_linux	mysql	p-cpe:/a:fermilab:scientific_linux:mysql
fermilab	scientific_linux	mysql-bench	p-cpe:/a:fermilab:scientific_linux:mysql-bench
fermilab	scientific_linux	mysql-debuginfo	p-cpe:/a:fermilab:scientific_linux:mysql-debuginfo
fermilab	scientific_linux	mysql-devel	p-cpe:/a:fermilab:scientific_linux:mysql-devel
fermilab	scientific_linux	mysql-embedded	p-cpe:/a:fermilab:scientific_linux:mysql-embedded
fermilab	scientific_linux	mysql-embedded-devel	p-cpe:/a:fermilab:scientific_linux:mysql-embedded-devel
fermilab	scientific_linux	mysql-libs	p-cpe:/a:fermilab:scientific_linux:mysql-libs
fermilab	scientific_linux	mysql-server	p-cpe:/a:fermilab:scientific_linux:mysql-server
fermilab	scientific_linux	mysql-test	p-cpe:/a:fermilab:scientific_linux:mysql-test
fermilab	scientific_linux		x-cpe:/o:fermilab:scientific_linux

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5611

www.nessus.org/u?4b1dc346

JSON

Related for SL_20121207_MYSQL_ON_SL6_X.NASL