6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.6%
This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438)
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(74172);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2014-0384", "CVE-2014-2419", "CVE-2014-2430", "CVE-2014-2431", "CVE-2014-2432", "CVE-2014-2436", "CVE-2014-2438", "CVE-2014-2440");
script_name(english:"Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20140522)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes several vulnerabilities in the MySQL database
server. Information about these flaws can be found on the Oracle
Critical Patch Update Advisory page, listed in the References section.
(CVE-2014-2436, CVE-2014-2440, CVE-2014-0384, CVE-2014-2419,
CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2438)
After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1405&L=scientific-linux-errata&T=0&P=906
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?f34875dd"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql55-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-test");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/16");
script_set_attribute(attribute:"patch_publication_date", value:"2014/05/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/25");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"mysql55-mysql-5.5.37-1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"mysql55-mysql-bench-5.5.37-1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"mysql55-mysql-debuginfo-5.5.37-1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"mysql55-mysql-devel-5.5.37-1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"mysql55-mysql-libs-5.5.37-1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"mysql55-mysql-server-5.5.37-1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"mysql55-mysql-test-5.5.37-1.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql55-mysql / mysql55-mysql-bench / mysql55-mysql-debuginfo / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fermilab | scientific_linux | mysql55-mysql | p-cpe:/a:fermilab:scientific_linux:mysql55-mysql |
fermilab | scientific_linux | mysql55-mysql-bench | p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-bench |
fermilab | scientific_linux | mysql55-mysql-debuginfo | p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-debuginfo |
fermilab | scientific_linux | mysql55-mysql-devel | p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-devel |
fermilab | scientific_linux | mysql55-mysql-libs | p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-libs |
fermilab | scientific_linux | mysql55-mysql-server | p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-server |
fermilab | scientific_linux | mysql55-mysql-test | p-cpe:/a:fermilab:scientific_linux:mysql55-mysql-test |
fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440
www.nessus.org/u?f34875dd