{"id": "OPENVAS:136141256231066256", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Core 11 FEDORA-2009-10701 (ocaml-mysql)", "description": "The remote host is missing an update to ocaml-mysql\nannounced via advisory FEDORA-2009-10701.", "published": "2009-11-17T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066256", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=529321"], "cvelist": ["CVE-2009-2942"], "lastseen": "2018-04-06T11:37:43", "viewCount": 1, "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-2942"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1910-1:8358A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-2942"]}, {"type": "fedora", "idList": ["FEDORA:1F64510F879", "FEDORA:E668A10F8A1"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1910.NASL", "FEDORA_2009-10582.NASL", "FEDORA_2009-10701.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066035", "OPENVAS:136141256231066056", "OPENVAS:136141256231066251", "OPENVAS:66035", "OPENVAS:66056", "OPENVAS:66251", "OPENVAS:66256"]}, {"type": "osv", "idList": ["OSV:DSA-1910-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10324"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-2942"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2009-2942"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-2942"]}, {"type": "fedora", "idList": ["FEDORA:E668A10F8A1"]}, {"type": "nessus", "idList": ["FEDORA_2009-10701.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066056"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10324"]}]}, "exploitation": null, "vulnersScore": -0.1}, "pluginID": "136141256231066256", 
"sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10701.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10701 (ocaml-mysql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nPatch for CVE 2009-2942 Missing escape function (RHBZ#529321).\n\nChangeLog:\n\n* Fri Oct 16 2009 Richard W.M. Jones - 1.0.4-8.fc11.1\n- Patch for CVE 2009-2942 Missing escape function (RHBZ#529321).\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update ocaml-mysql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10701\";\ntag_summary = \"The remote host is missing an update to ocaml-mysql\nannounced via advisory FEDORA-2009-10701.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66256\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2942\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-10701 (ocaml-mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529321\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ocaml-mysql\", rpm:\"ocaml-mysql~1.0.4~8.fc11.1\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ocaml-mysql-devel\", rpm:\"ocaml-mysql-devel~1.0.4~8.fc11.1\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Fedora Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1659891996}, "_internal": {"score_hash": "7648e2b1a675829a812e9f34f3a20098"}}
{"ubuntucve": [{"lastseen": "2022-08-04T14:38:38", "description": "The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the\nmysql_real_escape_string function, which might allow remote attackers to\nleverage escaping issues involving multibyte character encodings.", "cvss3": {}, "published": "2009-10-22T00:00:00", "type": "ubuntucve", "title": "CVE-2009-2942", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2942"], "modified": "2009-10-22T00:00:00", "id": "UB:CVE-2009-2942", "href": "https://ubuntu.com/security/CVE-2009-2942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:04", "description": "The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.", "cvss3": {}, "published": "2009-10-22T16:30:00", "type": "debiancve", "title": "CVE-2009-2942", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2942"], 
"modified": "2009-10-22T16:30:00", "id": "DEBIANCVE:CVE-2009-2942", "href": "https://security-tracker.debian.org/tracker/CVE-2009-2942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:56:12", "description": "The remote host is missing an update to ocaml-mysql\nannounced via advisory FEDORA-2009-10701.", "cvss3": {}, "published": "2009-11-17T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-10701 (ocaml-mysql)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66256", "href": "http://plugins.openvas.org/nasl.php?oid=66256", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10701.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10701 (ocaml-mysql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nPatch for CVE 2009-2942 Missing escape function (RHBZ#529321).\n\nChangeLog:\n\n* Fri Oct 16 2009 Richard W.M. Jones - 1.0.4-8.fc11.1\n- Patch for CVE 2009-2942 Missing escape function (RHBZ#529321).\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ocaml-mysql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10701\";\ntag_summary = \"The remote host is missing an update to ocaml-mysql\nannounced via advisory FEDORA-2009-10701.\";\n\n\n\nif(description)\n{\n script_id(66256);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2942\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-10701 (ocaml-mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529321\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ocaml-mysql\", rpm:\"ocaml-mysql~1.0.4~8.fc11.1\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ocaml-mysql-devel\", rpm:\"ocaml-mysql-devel~1.0.4~8.fc11.1\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:59", "description": "The remote host is missing an update to ocaml-mysql\nannounced via advisory MDVSA-2009:279.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:279 (ocaml-mysql)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:66035", "href": "http://plugins.openvas.org/nasl.php?oid=66035", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_279.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:279 (ocaml-mysql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in ocaml-mysql:\n\nIt was discovered that mysql-ocaml, OCaml bindings for MySql,\nwas missing a function to call mysql_real_escape_string(). This\nis needed, because mysql_real_escape_string() honours the charset\nof the connection and prevents insufficient escaping, when certain\nmultibyte character encodings are used. The added function is called\nreal_escape() and takes the established database connection as a first\nargument. The old escape_string() was kept for backwards compatibility\n(CVE-2009-2942).\n\nThis update fixes this vulnerability.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:279\nhttp://www.debian.org/security/2009/dsa-1910\";\ntag_summary = \"The remote host is missing an update to ocaml-mysql\nannounced via advisory MDVSA-2009:279.\";\n\n \n\nif(description)\n{\n script_id(66035);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-2942\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:279 (ocaml-mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ocaml-mysql\", rpm:\"ocaml-mysql~1.0.4~9.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ocaml-mysql-devel\", rpm:\"ocaml-mysql-devel~1.0.4~9.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:10", "description": "The remote host is missing an update to mysql-ocaml\nannounced via advisory DSA 1910-1.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1910-1 (mysql-ocaml)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:66056", "href": "http://plugins.openvas.org/nasl.php?oid=66056", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1910_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1910-1 (mysql-ocaml)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that mysql-ocaml, OCaml bindings for MySql, was\nmissing a function to call mysql_real_escape_string(). 
This is needed,\nbecause mysql_real_escape_string() honours the charset of the connection\nand prevents insufficient escaping, when certain multibyte character\nencodings are used. The added function is called real_escape() and\ntakes the established database connection as a first argument. The old\nescape_string() was kept for backwards compatibility.\n\nDevelopers using these bindings are encouraged to adjust their code to\nuse the new function.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny1.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-2+etch1.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your mysql-ocaml packages.\";\ntag_summary = \"The remote host is missing an update to mysql-ocaml\nannounced via advisory DSA 1910-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201910-1\";\n\n\nif(description)\n{\n script_id(66056);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-2942\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1910-1 (mysql-ocaml)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysql-ocaml\", ver:\"1.0.4-2+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysql-ocaml-dev\", ver:\"1.0.4-2+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysql-ocaml-dev\", ver:\"1.0.4-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysql-ocaml\", ver:\"1.0.4-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:11", "description": "The remote host is missing an update to ocaml-mysql\nannounced via advisory FEDORA-2009-10582.", "cvss3": {}, "published": "2009-11-17T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10582 (ocaml-mysql)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66251", "href": "http://plugins.openvas.org/nasl.php?oid=66251", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10582.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10582 (ocaml-mysql)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nPatch for CVE 2009-2942 Missing escape function (RHBZ#529321).\n\nChangeLog:\n\n* Fri Oct 16 2009 Richard W.M. Jones - 1.0.4-3.fc10.1\n- Patch for CVE 2009-2942 Missing escape function (RHBZ#529321).\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update ocaml-mysql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10582\";\ntag_summary = \"The remote host is missing an update to ocaml-mysql\nannounced via advisory FEDORA-2009-10582.\";\n\n\n\nif(description)\n{\n script_id(66251);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2942\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-10582 (ocaml-mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529321\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ocaml-mysql\", rpm:\"ocaml-mysql~1.0.4~3.fc10.1\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ocaml-mysql-devel\", rpm:\"ocaml-mysql-devel~1.0.4~3.fc10.1\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:55", "description": "The remote host is missing an update to ocaml-mysql\nannounced via advisory MDVSA-2009:279.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:279 (ocaml-mysql)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066035", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066035", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_279.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:279 (ocaml-mysql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in ocaml-mysql:\n\nIt was discovered that mysql-ocaml, OCaml bindings for MySql,\nwas missing a function to call mysql_real_escape_string(). This\nis needed, because mysql_real_escape_string() honours the charset\nof the connection and prevents insufficient escaping, when certain\nmultibyte character encodings are used. The added function is called\nreal_escape() and takes the established database connection as a first\nargument. The old escape_string() was kept for backwards compatibility\n(CVE-2009-2942).\n\nThis update fixes this vulnerability.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:279\nhttp://www.debian.org/security/2009/dsa-1910\";\ntag_summary = \"The remote host is missing an update to ocaml-mysql\nannounced via advisory MDVSA-2009:279.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66035\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-2942\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:279 (ocaml-mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ocaml-mysql\", rpm:\"ocaml-mysql~1.0.4~9.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ocaml-mysql-devel\", rpm:\"ocaml-mysql-devel~1.0.4~9.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", 
"cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:28", "description": "The remote host is missing an update to mysql-ocaml\nannounced via advisory DSA 1910-1.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1910-1 (mysql-ocaml)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066056", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066056", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1910_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1910-1 (mysql-ocaml)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that mysql-ocaml, OCaml bindings for MySql, was\nmissing a function to call mysql_real_escape_string(). 
This is needed,\nbecause mysql_real_escape_string() honours the charset of the connection\nand prevents insufficient escaping, when certain multibyte character\nencodings are used. The added function is called real_escape() and\ntakes the established database connection as a first argument. The old\nescape_string() was kept for backwards compatibility.\n\nDevelopers using these bindings are encouraged to adjust their code to\nuse the new function.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny1.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-2+etch1.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your mysql-ocaml packages.\";\ntag_summary = \"The remote host is missing an update to mysql-ocaml\nannounced via advisory DSA 1910-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201910-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66056\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-2942\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1910-1 (mysql-ocaml)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysql-ocaml\", ver:\"1.0.4-2+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysql-ocaml-dev\", ver:\"1.0.4-2+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysql-ocaml-dev\", ver:\"1.0.4-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysql-ocaml\", ver:\"1.0.4-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:32", "description": "The remote host is missing an update to ocaml-mysql\nannounced via advisory FEDORA-2009-10582.", "cvss3": {}, "published": "2009-11-17T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10582 (ocaml-mysql)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066251", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066251", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10582.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10582 (ocaml-mysql)\n#\n# 
Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nPatch for CVE 2009-2942 Missing escape function (RHBZ#529321).\n\nChangeLog:\n\n* Fri Oct 16 2009 Richard W.M. Jones - 1.0.4-3.fc10.1\n- Patch for CVE 2009-2942 Missing escape function (RHBZ#529321).\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update ocaml-mysql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10582\";\ntag_summary = \"The remote host is missing an update to ocaml-mysql\nannounced via advisory FEDORA-2009-10582.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66251\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2942\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-10582 (ocaml-mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=529321\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ocaml-mysql\", rpm:\"ocaml-mysql~1.0.4~3.fc10.1\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ocaml-mysql-devel\", rpm:\"ocaml-mysql-devel~1.0.4~3.fc10.1\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2021-10-22T00:52:00", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1910-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nOctober 14, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : mysql-ocaml\nVulnerability : missing escape function\nProblem type : remote\nDebian-specific: no\nCVE Id : CVE-2009-2942\n\n\nIt was discovered that mysql-ocaml, OCaml bindings for MySql, was\nmissing a function to call mysql_real_escape_string(). This is needed,\nbecause mysql_real_escape_string() honours the charset of the connection\nand prevents insufficient escaping, when certain multibyte character\nencodings are used. 
The added function is called real_escape() and\ntakes the established database connection as a first argument. The old\nescape_string() was kept for backwards compatibility.\n\nDevelopers using these bindings are encouraged to adjust their code to\nuse the new function.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny1.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-2+etch1.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your mysql-ocaml packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- 
---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-10-15T00:15:10", "type": "debian", "title": "[SECURITY] [DSA 1910-1] New mysql-ocaml packages provide secure escaping", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2942"], "modified": "2009-10-15T00:15:10", "id": "DEBIAN:DSA-1910-1:8358A", "href": "https://lists.debian.org/debian-security-announce/2009/msg00232.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T13:06:11", "description": "Patch for CVE-2009-2942 Missing escape function (RHBZ#529321).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-11-11T00:00:00", "type": "nessus", "title": "Fedora 10 : ocaml-mysql-1.0.4-3.fc10.1 (2009-10582)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ocaml-mysql", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-10582.NASL", "href": "https://www.tenable.com/plugins/nessus/42445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10582.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42445);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2942\");\n script_xref(name:\"FEDORA\", value:\"2009-10582\");\n\n script_name(english:\"Fedora 10 : ocaml-mysql-1.0.4-3.fc10.1 (2009-10582)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Patch for CVE-2009-2942 Missing escape function (RHBZ#529321).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529321\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030821.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed734f15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ocaml-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ocaml-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"ocaml-mysql-1.0.4-3.fc10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml-mysql\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:05:17", "description": "It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. 
The old escape_string() was kept for backwards compatibility.\n\nDevelopers using these bindings are encouraged to adjust their code to use the new function.", "cvss3": {"score": null, "vector": null}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1910-1 : mysql-ocaml - missing escape function", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-ocaml", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1910.NASL", "href": "https://www.tenable.com/plugins/nessus/44775", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1910. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44775);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2942\");\n script_xref(name:\"DSA\", value:\"1910\");\n\n script_name(english:\"Debian DSA-1910-1 : mysql-ocaml - missing escape function\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that mysql-ocaml, OCaml bindings for MySql, was\nmissing a function to call mysql_real_escape_string(). This is needed,\nbecause mysql_real_escape_string() honours the charset of the\nconnection and prevents insufficient escaping, when certain multibyte\ncharacter encodings are used. The added function is called\nreal_escape() and takes the established database connection as a first\nargument. 
The old escape_string() was kept for backwards\ncompatibility.\n\nDevelopers using these bindings are encouraged to adjust their code to\nuse the new function.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1910\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-ocaml packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-2+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libmysql-ocaml\", reference:\"1.0.4-2+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libmysql-ocaml-dev\", reference:\"1.0.4-2+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmysql-ocaml\", reference:\"1.0.4-4+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libmysql-ocaml-dev\", reference:\"1.0.4-4+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:11", "description": "Patch for CVE-2009-2942 Missing escape function (RHBZ#529321).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-11-11T00:00:00", "type": "nessus", "title": "Fedora 11 : ocaml-mysql-1.0.4-8.fc11.1 (2009-10701)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2942"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ocaml-mysql", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-10701.NASL", "href": "https://www.tenable.com/plugins/nessus/42449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10701.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42449);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2942\");\n script_xref(name:\"FEDORA\", value:\"2009-10701\");\n\n script_name(english:\"Fedora 11 : ocaml-mysql-1.0.4-8.fc11.1 (2009-10701)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Patch for CVE-2009-2942 Missing escape function (RHBZ#529321).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529321\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030877.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1703d1c6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ocaml-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ocaml-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"ocaml-mysql-1.0.4-8.fc11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml-mysql\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "ocaml-mysql is a package for ocaml that provides access to mysql databases. It consists of low level functions implemented in C and a module Mysql intended for application development. 
", "cvss3": {}, "published": "2009-11-10T17:45:36", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: ocaml-mysql-1.0.4-3.fc10.1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2942"], "modified": "2009-11-10T17:45:36", "id": "FEDORA:E668A10F8A1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/27BEUHKG6Z3J7RRPRLC6NCF6YTTLFRUF/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "description": "ocaml-mysql is a package for ocaml that provides access to mysql databases. It consists of low level functions implemented in C and a module Mysql intended for application development. 
", "cvss3": {}, "published": "2009-11-10T17:55:22", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: ocaml-mysql-1.0.4-8.fc11.1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2942"], "modified": "2009-11-10T17:55:22", "id": "FEDORA:1F64510F879", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UAZO6FC4WIC5PKCGTAKTHGMWSDNXVWUX/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T21:32:43", "description": "The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.", "cvss3": {}, "published": "2009-10-22T16:30:00", "type": "cve", "title": "CVE-2009-2942", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2942"], "modified": "2009-10-27T05:27:00", "cpe": ["cpe:/a:mysql-ocaml:mysql-ocaml:1.0.4"], "id": "CVE-2009-2942", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2942", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mysql-ocaml:mysql-ocaml:1.0.4:*:*:*:*:*:*:*"]}], "osv": [{"lastseen": "2022-08-10T07:05:48", "description": "\nIt was discovered that mysql-ocaml, OCaml bindings for MySql, was\nmissing a function to call mysql_real_escape_string(). This is needed,\nbecause mysql_real_escape_string() honours the charset of the connection\nand prevents insufficient escaping, when certain multibyte character\nencodings are used. The added function is called real_escape() and\ntakes the established database connection as a first argument. The old\nescape_string() was kept for backwards compatibility.\n\n\nDevelopers using these bindings are encouraged to adjust their code to\nuse the new function.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-2+etch1.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny1.\n\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your mysql-ocaml packages.\n\n\n", "cvss3": {}, "published": "2009-10-14T00:00:00", "type": "osv", "title": "mysql-ocaml - missing escape function", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2942"], "modified": "2022-08-10T07:05:46", "id": "OSV:DSA-1910-1", "href": "https://osv.dev/vulnerability/DSA-1910-1", 
"cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:34", "description": "Text escaping functions are not called for multibyte charsets.", "edition": 1, "cvss3": {}, "published": "2009-10-15T00:00:00", "title": "pygresql / mysql-ocaml / postgresql-ocaml SQL injection", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-2943", "CVE-2009-2942", "CVE-2009-2940"], "modified": "2009-10-15T00:00:00", "id": "SECURITYVULNS:VULN:10324", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10324", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}