Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20140212_MYSQL_ON_SL6_X.NASL
HistoryFeb 13, 2014 - 12:00 a.m.

Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20140212)

2014-02-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

(CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908)

A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.
(CVE-2014-0001)

This update also fixes the following bug :

  • Prior to this update, MySQL did not check whether a MySQL socket was actually being used by any process before starting the mysqld service. If a particular mysqld service did not exit cleanly while a socket was being used by a process, this socket was considered to be still in use during the next start-up of this service, which resulted in a failure to start the service up. With this update, if a socket exists but is not used by any process, it is ignored during the mysqld service start-up.

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(72477);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2013-5908", "CVE-2014-0001", "CVE-2014-0386", "CVE-2014-0393", "CVE-2014-0401", "CVE-2014-0402", "CVE-2014-0412", "CVE-2014-0437");

  script_name(english:"Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20140212)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"(CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
CVE-2014-0412, CVE-2014-0437, CVE-2013-5908)

A buffer overflow flaw was found in the way the MySQL command line
client tool (mysql) processed excessively long version strings. If a
user connected to a malicious MySQL server via the mysql client, the
server could use this flaw to crash the mysql client or, potentially,
execute arbitrary code as the user running the mysql client.
(CVE-2014-0001)

This update also fixes the following bug :

  - Prior to this update, MySQL did not check whether a
    MySQL socket was actually being used by any process
    before starting the mysqld service. If a particular
    mysqld service did not exit cleanly while a socket was
    being used by a process, this socket was considered to
    be still in use during the next start-up of this
    service, which resulted in a failure to start the
    service up. With this update, if a socket exists but is
    not used by any process, it is ignored during the mysqld
    service start-up.

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1402&L=scientific-linux-errata&T=0&P=1565
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ce630790"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql-test");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"mysql-5.1.73-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-bench-5.1.73-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-debuginfo-5.1.73-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-devel-5.1.73-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-embedded-5.1.73-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-embedded-devel-5.1.73-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-libs-5.1.73-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-server-5.1.73-3.el6_5")) flag++;
if (rpm_check(release:"SL6", reference:"mysql-test-5.1.73-3.el6_5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-debuginfo / mysql-devel / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxmysqlp-cpe:/a:fermilab:scientific_linux:mysql
fermilabscientific_linuxmysql-benchp-cpe:/a:fermilab:scientific_linux:mysql-bench
fermilabscientific_linuxmysql-debuginfop-cpe:/a:fermilab:scientific_linux:mysql-debuginfo
fermilabscientific_linuxmysql-develp-cpe:/a:fermilab:scientific_linux:mysql-devel
fermilabscientific_linuxmysql-embeddedp-cpe:/a:fermilab:scientific_linux:mysql-embedded
fermilabscientific_linuxmysql-embedded-develp-cpe:/a:fermilab:scientific_linux:mysql-embedded-devel
fermilabscientific_linuxmysql-libsp-cpe:/a:fermilab:scientific_linux:mysql-libs
fermilabscientific_linuxmysql-serverp-cpe:/a:fermilab:scientific_linux:mysql-server
fermilabscientific_linuxmysql-testp-cpe:/a:fermilab:scientific_linux:mysql-test
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 37
veracode 10
redhat 4
openvas 47
amazon 1
oraclelinux 2
centos 4
f5 2
debian 6
ubuntu 2
fedora 8
mariadbunix 7
ubuntucve 8
prion 8
cve 8
suse 1
slackware 1
checkpoint_advisories 1
gentoo 1
osv 2
securityvulns 1
oracle 2
nessus
nessus
Amazon Linux AMI : mysql51 (ALAS-2014-298)
2014-03-12 00:00:00
Oracle Linux 6 : mysql (ELSA-2014-0164)
2014-02-13 00:00:00
RHEL 6 : mysql (RHSA-2014:0164)
2014-02-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:56:40
Denial Of Service (DoS)
2019-05-02 04:56:40
Denial Of Service (DoS)
2019-05-02 04:56:40
redhat
redhat
(RHSA-2014:0164) Moderate: mysql security and bug fix update
2014-02-12 00:00:00
(RHSA-2014:0173) Moderate: mysql55-mysql security update
2014-02-13 00:00:00
(RHSA-2014:0189) Moderate: mariadb55-mariadb security update
2014-02-19 00:00:00
openvas
openvas
RedHat Update for mysql RHSA-2014:0164-01
2014-02-13 00:00:00
RedHat Update for mysql RHSA-2014:0164-01
2014-02-13 00:00:00
Oracle: Security Advisory (ELSA-2014-0164)
2015-10-06 00:00:00
amazon
amazon
Medium: mysql51
2014-03-06 14:56:00
oraclelinux
oraclelinux
mysql security and bug fix update
2014-02-12 00:00:00
mysql55-mysql security update
2014-02-18 00:00:00
centos
centos
mysql security update
2014-02-12 19:48:34
mysql55 security update
2014-02-19 17:28:37
mariadb55 security update
2014-02-26 15:32:19
f5
f5
SOL16389 - Multiple MySQL vulnerabilities
2015-04-09 00:00:00
K16389 : Multiple MySQL vulnerabilities
2015-07-22 00:00:00
debian
debian
[SECURITY] [DSA 2845-1] mysql-5.1 security update
2014-01-17 15:49:25
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:55
[SECURITY] [DSA 2848-1] mysql-5.5 security update
2014-01-23 15:37:35
ubuntu
ubuntu
MySQL vulnerabilities
2014-01-21 00:00:00
MySQL vulnerabilities
2014-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mariadb-5.5.37-1.fc19
2014-04-29 05:23:30
[SECURITY] Fedora 19 Update: mariadb-5.5.39-1.fc19
2014-09-10 13:31:10
[SECURITY] Fedora 20 Update: mariadb-5.5.39-1.fc20
2014-09-10 13:30:09
mariadbunix
mariadbunix
CVE-2013-5908
2014-01-15 16:08:00
CVE-2014-0437
2014-01-15 16:08:00
CVE-2014-0393
2014-01-15 16:08:00
ubuntucve
ubuntucve
CVE-2013-5908
2014-01-15 00:00:00
CVE-2014-0393
2014-01-15 00:00:00
CVE-2014-0437
2014-01-15 00:00:00
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
cve
cve
CVE-2013-5908
2014-01-15 16:08:00
CVE-2014-0437
2014-01-15 16:08:00
CVE-2014-0393
2014-01-15 16:08:00
suse
suse
Security update for MySQL (important)
2014-06-07 00:04:26
slackware
slackware
mariadb, mysql
2014-02-19 20:24:35
checkpoint_advisories
checkpoint_advisories
Oracle MySQL Client Heap Buffer Overflow (CVE-2014-0001)
2014-03-16 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2014-09-04 00:00:00
osv
osv
mysql-5.1 - security update
2014-10-22 00:00:00
mysql-5.5 - security update
2014-05-03 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
2014-05-05 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
Oracle Critical Patch Update - April 2014
2014-04-15 00:00:00
JSON
Related for SL_20140212_MYSQL_ON_SL6_X.NASL
nessus37veracode10redhat4openvas47amazon1oraclelinux2centos4f52debian6ubuntu2fedora8mariadbunix7ubuntucve8prion8cve8suse1slackware1checkpoint_advisories1gentoo1osv2securityvulns1oracle2