Slackware: Security Advisory (SSA:2006-129-02)

2012-09-1000:00:00

plugins.openvas.org

6.4 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.834 High

EPSS

Percentile

98.4%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.56730");
  script_cve_id("CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518");
  script_tag(name:"creation_date", value:"2012-09-10 23:34:21 +0000 (Mon, 10 Sep 2012)");
  script_version("2024-02-01T14:37:10+0000");
  script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");

  script_name("Slackware: Security Advisory (SSA:2006-129-02)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("Slackware Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack", re:"ssh/login/release=SLK(10\.2|current)");

  script_xref(name:"Advisory-ID", value:"SSA:2006-129-02");
  script_xref(name:"URL", value:"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.507293");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'mysql' package(s) announced via the SSA:2006-129-02 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"New mysql packages are available for Slackware 10.2 and -current to
fix security issues. The MySQL package shipped with Slackware 10.2
may possibly leak sensitive information found in uninitialized
memory to authenticated users. The MySQL package previously in
Slackware -current also suffered from these flaws, but an additional
overflow could allow arbitrary code execution.

Since the vulnerabilities require a valid login and/or access to the
database server, the risk is moderate. Slackware does not provide
network access to a MySQL database by default.


More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database.
Issues that affect both Slackware 10.2 and -current:
 [link moved to references]
 [link moved to references]

An issue affecting only Slackware -current:
 [link moved to references]


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/mysql-4.1.19-i486-1.tgz:
 Upgraded to mysql-4.1.19.
 This fixes some minor security issues with possible information leakage.
 Note that the information leakage bugs require that the attacker have
 access to an account on the database. Also note that by default,
 Slackware's rc.mysqld script does *not* allow access to the database
 through the outside network (it uses the --skip-networking option).
 If you've enabled network access to MySQL, it is a good idea to filter
 the port (3306) to prevent access from unauthorized machines.
 For more information, see:
 [link moved to references]
 [link moved to references]
 (* Security fix *)
+--------------------------+

Here are the details from the Slackware -current ChangeLog:
+--------------------------+
ap/mysql-5.0.21-i486-1.tgz: Upgraded to mysql-5.0.21.
 This fixes some security issues, including possible information leakage, and
 execution of arbitrary code. Note that the information leakage bugs require
 that the attacker have access to an account on the database. Also note that
 by default, Slackware's rc.mysqld script does *not* allow access to the
 database through the outside network (it uses the --skip-networking option).
 If you've enabled network access to MySQL, it is a good idea to filter the
 port (3306) to prevent access from unauthorized machines.
 For more information, see:
 [link moved to references]
 [link moved to references]
 [link moved to references]
 (* Security fix *)
+--------------------------+");

  script_tag(name:"affected", value:"'mysql' package(s) on Slackware 10.2, Slackware current.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-slack.inc");

release = slk_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLK10.2") {

  if(!isnull(res = isslkpkgvuln(pkg:"mysql", ver:"4.1.19-i486-1", rls:"SLK10.2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLKcurrent") {

  if(!isnull(res = isslkpkgvuln(pkg:"mysql", ver:"5.0.21-i486-1", rls:"SLKcurrent"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);