Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)
2016-06-03T00:00:00
ID OPENVAS:1361412562310808145 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2019-01-08T00:00:00
Description
This host is running Oracle MySQL and is
prone to multiple unspecified vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_mysql_unspecified_vuln33_jun16_lin.nasl 12983 2019-01-08 15:30:19Z cfischer $
#
# Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)
#
# Authors:
# Kashinath T <tkashinath@secpod.com>
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata pass: this branch only registers the test's identity, references,
# scoring and scheduling constraints, then exits without touching the target.
# Continuation lines of multi-line tag values are kept flush-left on purpose:
# whitespace inside the quotes is part of the tag text.
if( description )
{
  # --- Identity ---
  script_oid( "1.3.6.1.4.1.25623.1.0.808145" );
  script_version( "$Revision: 12983 $" );
  script_name( "Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)" );
  script_copyright( "Copyright (C) 2016 Greenbone Networks GmbH" );
  script_family( "Databases" );
  # Information gathering only; the detection part below issues no exploit traffic.
  script_category( ACT_GATHER_INFO );

  # --- External references for the four covered CVEs ---
  script_cve_id( "CVE-2015-2573", "CVE-2015-2568", "CVE-2015-0441", "CVE-2015-0433" );
  script_bugtraq_id( 74078, 74073, 74103, 74089 );
  script_xref( name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" );

  # --- Scoring and bookkeeping ---
  # NOTE(review): the vector below says Au:N (no authentication), while the
  # "impact" tag speaks of an authenticated attacker - confirm against the
  # referenced advisory which of the two applies to each CVE.
  script_tag( name:"cvss_base", value:"5.0" );
  script_tag( name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P" );
  script_tag( name:"last_modification", value:"$Date: 2019-01-08 16:30:19 +0100 (Tue, 08 Jan 2019) $" );
  script_tag( name:"creation_date", value:"2016-06-03 13:42:38 +0530 (Fri, 03 Jun 2016)" );
  # The finding rests on a remotely obtained version string, so it is declared
  # as unreliable: a distribution package with backported fixes can still
  # report an "affected" version. Verify the patch level on the host before
  # treating a hit as confirmed.
  script_tag( name:"qod_type", value:"remote_banner_unreliable" );

  # --- Human-readable report texts ---
  script_tag( name:"summary", value:"This host is running Oracle MySQL and is
prone to multiple unspecified vulnerabilities.");
  script_tag( name:"vuldetect", value:"Checks if a vulnerable version is present on the target host." );
  script_tag( name:"insight", value:"Unspecified errors in the MySQL Server
component via unknown vectors related to DDL, Server : Security : Privileges,
Server : Security : Encryption, InnoDB : DML.");
  script_tag( name:"impact", value:"Successful exploitation will allows an
authenticated remote attacker to cause a denial of service.");
  script_tag( name:"affected", value:"Oracle MySQL Server 5.5.41 and earlier,
and 5.6.22 and earlier on Linux.");
  script_tag( name:"solution", value:"Apply the patch from the referenced advisory." );
  script_tag( name:"solution_type", value:"VendorFix" );

  # --- Scheduling: run after MySQL/OS detection, and only when the knowledge
  # base says MySQL was found on a Unix-like host ---
  script_dependencies( "mysql_version.nasl", "os_detection.nasl" );
  script_require_ports( "Services/mysql", 3306 );
  script_mandatory_keys( "MySQL/installed", "Host/runs_unixoide" );

  exit( 0 );
}
include("version_func.inc");
include("host_details.inc");
# Detection pass: look up the MySQL instance recorded by the detection
# scripts and compare its version with the affected 5.5.x / 5.6.x ranges.
# Nothing is sent to the service here; the decision is made purely on the
# version string already stored for the port.
candidate_cpes = make_list( "cpe:/a:mysql:mysql", "cpe:/a:oracle:mysql" );

# No port registered under either CPE: nothing to check.
port_info = get_all_app_ports_from_list( cpe_list:candidate_cpes );
if( ! port_info )
  exit( 0 );

CPE  = port_info['cpe'];
port = port_info['port'];

# exit_no_version:TRUE presumably lets the helper stop the script itself when
# no version is known - confirm against host_details.inc.
ver_info = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE );
if( ! ver_info )
  exit( 0 );

ver  = ver_info['version'];
path = ver_info['location'];

# Only the 5.5 and 5.6 branches are in scope; within them every release up to
# and including 5.5.41 / 5.6.22 is reported.
if( ( ver =~ "^5\.[56]" ) &&
    ( version_in_range( version:ver, test_version:"5.5", test_version2:"5.5.41" ) ||
      version_in_range( version:ver, test_version:"5.6", test_version2:"5.6.22" ) ) )
{
  # NOTE(review): fixed_version carries free text rather than a release
  # number, so the report does not tell the operator which version to upgrade
  # to; the fixed release has to be taken from the referenced advisory.
  msg = report_fixed_ver( installed_version:ver, fixed_version:"Apply the patch", install_path:path );
  security_message( port:port, data:msg );
  exit( 0 );
}

# Version outside the affected ranges: finish with the "not affected" status.
exit( 99 );
{"id": "OPENVAS:1361412562310808145", "bulletinFamily": "scanner", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "published": "2016-06-03T00:00:00", "modified": "2019-01-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808145", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"], "cvelist": ["CVE-2015-2568", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2573"], "type": "openvas", "lastseen": "2019-05-29T18:34:55", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2568", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2573"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-01-09T12:13:36", "references": [{"idList": ["SECURITYVULNS:VULN:14393", "SECURITYVULNS:DOC:32349"], "type": "securityvulns"}, {"idList": ["RHSA-2015:1647", "RHSA-2015:1665", "RHSA-2015:1628", "RHSA-2015:1629"], "type": "redhat"}, {"idList": ["SSA-2015-132-02", "SSA-2015-132-01"], "type": "slackware"}, {"idList": ["SUSE-SU-2015:1273-1", "SUSE-SU-2015:0946-1", "OPENSUSE-SU-2015:1216-1"], "type": "suse"}, {"idList": ["ORACLE:CPUOCT2016-2881722", "ORACLE:CPUAPR2015-2365600"], "type": "oracle"}, {"idList": ["DEBIAN:DSA-3229-1:98A45", "DEBIAN:DSA-3311-1:6679E"], "type": "debian"}, {"idList": ["GLSA-201507-19"], "type": "gentoo"}, {"idList": ["OPENVAS:703229", "OPENVAS:1361412562310805171", "OPENVAS:1361412562310871435", "OPENVAS:1361412562310850932", "OPENVAS:1361412562310123020", "OPENVAS:1361412562310703229", "OPENVAS:1361412562310703311", 
"OPENVAS:1361412562310842173", "OPENVAS:703311", "OPENVAS:1361412562310121400"], "type": "openvas"}, {"idList": ["CVE-2015-2568", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2573"], "type": "cve"}, {"idList": ["USN-2575-1"], "type": "ubuntu"}, {"idList": ["CESA-2015:1665", "CESA-2015:1628"], "type": "centos"}, {"idList": ["KLA10553"], "type": "kaspersky"}, {"idList": ["UBUNTU_USN-2575-1.NASL", "DEBIAN_DSA-3311.NASL", "DEBIAN_DSA-3229.NASL", "GENTOO_GLSA-201507-19.NASL", "MARIADB_5_5_42.NASL", "SUSE_SU-2015-1273-1.NASL", "MYSQL_5_6_23.NASL", "SLACKWARE_SSA_2015-132-01.NASL", "SLACKWARE_SSA_2015-132-02.NASL", "ORACLELINUX_ELSA-2015-1665.NASL"], "type": "nessus"}, {"idList": ["F5:K17115", "SOL17115"], "type": "f5"}, {"idList": ["ELSA-2015-1665", "ELSA-2015-1628"], "type": "oraclelinux"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "657eece8b85ebbf20adfed3cdc3fc2984b1f31aa6cc13f9ae782e1734c6cd0e5", "hashmap": [{"hash": "776cf6c16176cd68ade3f9822c26461f", "key": "cvelist"}, {"hash": "c69565fbdbc4b229002909d263e7e6bf", "key": "description"}, {"hash": "fcf0306dd969c48970baf9ed3730de53", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "6981315f1ce834193c007c6f0ad98d43", "key": "pluginID"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "e49f41fbad330d4c471496946b37aa62", "key": "published"}, {"hash": "de6c54194cb6f640b1e75f710a6f9167", "key": "modified"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "ec66f0eeffca639d554256cb0342629d", "key": "href"}, {"hash": "24e08e4149552ff45c36c28040859422", "key": "sourceData"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "fd16da6e3d81eb446bea6ffa20f7a7d4", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808145", "id": "OPENVAS:1361412562310808145", "lastseen": "2019-01-09T12:13:36", 
"modified": "2019-01-08T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310808145", "published": "2016-06-03T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln33_jun16_lin.nasl 12983 2019-01-08 15:30:19Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808145\");\n script_version(\"$Revision: 12983 $\");\n script_cve_id(\"CVE-2015-2573\", \"CVE-2015-2568\", \"CVE-2015-0441\", \"CVE-2015-0433\");\n script_bugtraq_id(74078, 74073, 74103, 74089);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-08 16:30:19 +0100 (Tue, 08 Jan 2019) $\");\n\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:38 +0530 (Fri, 03 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to DDL, Server : Security : Privileges,\n Server : Security : Encryption, InnoDB : DML.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows an\n authenticated remote attacker to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.41 and earlier,\n and 5.6.22 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_all_app_ports_from_list(cpe_list:cpe_list)) exit( 0 );\nCPE = infos['cpe'];\nsqlPort = infos['port'];\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\nmysqlPath = infos['location'];\n\nif(mysqlVer =~ \"^5\\.[56]\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.41\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.22\"))\n {\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version:\"Apply the patch\", install_path:mysqlPath);\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n\nexit(99);", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 7, "lastseen": "2019-01-09T12:13:36"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2568", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2573"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b2f3997ba99b0328423c6e018ffbdc5b0d84cc4deb66bc65f1e6d6b2b0e4e756", "hashmap": [{"hash": "776cf6c16176cd68ade3f9822c26461f", "key": 
"cvelist"}, {"hash": "c69565fbdbc4b229002909d263e7e6bf", "key": "description"}, {"hash": "fcf0306dd969c48970baf9ed3730de53", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "6981315f1ce834193c007c6f0ad98d43", "key": "pluginID"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "e49f41fbad330d4c471496946b37aa62", "key": "published"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "ec66f0eeffca639d554256cb0342629d", "key": "href"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "09b377c1865eef7f7bc11cf58c2c09c0", "key": "sourceData"}, {"hash": "b99e09cb643bf3a010de33068f01552f", "key": "modified"}, {"hash": "fd16da6e3d81eb446bea6ffa20f7a7d4", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808145", "id": "OPENVAS:1361412562310808145", "lastseen": "2018-09-24T18:13:27", "modified": "2018-09-21T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310808145", "published": "2016-06-03T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln33_jun16_lin.nasl 11545 2018-09-21 20:43:34Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808145\");\n script_version(\"$Revision: 11545 $\");\n script_cve_id(\"CVE-2015-2573\", \"CVE-2015-2568\", \"CVE-2015-0441\", \"CVE-2015-0433\");\n script_bugtraq_id(74078, 74073, 74103, 74089);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-21 22:43:34 +0200 (Fri, 21 Sep 2018) $\");\n\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:38 +0530 (Fri, 03 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to DDL, Server : Security : Privileges,\n Server : Security : Encryption, InnoDB : DML.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows an\n authenticated remote attacker to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.41 and earlier,\n and 5.6.22 and 
earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from below link,\n\n http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n }\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(mysqlVer =~ \"^5\\.[56]\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.41\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.22\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n\nexit(99);", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-09-24T18:13:27"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2568", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2573"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": 
"ae6e45b9e805d1e7b7c3d344b832267548b6e075571cb38a4f342267629a04b7", "hashmap": [{"hash": "776cf6c16176cd68ade3f9822c26461f", "key": "cvelist"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "7d1d448093cfc442bca9f9aad9f9dbff", "key": "sourceData"}, {"hash": "c69565fbdbc4b229002909d263e7e6bf", "key": "description"}, {"hash": "fcf0306dd969c48970baf9ed3730de53", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "6981315f1ce834193c007c6f0ad98d43", "key": "pluginID"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "e49f41fbad330d4c471496946b37aa62", "key": "published"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "ec66f0eeffca639d554256cb0342629d", "key": "href"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "fd16da6e3d81eb446bea6ffa20f7a7d4", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808145", "id": "OPENVAS:1361412562310808145", "lastseen": "2018-09-01T23:45:22", "modified": "2017-10-24T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310808145", "published": "2016-06-03T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln33_jun16_lin.nasl 7545 2017-10-24 11:45:30Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808145\");\n script_version(\"$Revision: 7545 $\");\n script_cve_id(\"CVE-2015-2573\", \"CVE-2015-2568\", \"CVE-2015-0441\", \"CVE-2015-0433\");\n script_bugtraq_id(74078, 74073, 74103, 74089);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:45:30 +0200 (Tue, 24 Oct 2017) $\");\n\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:38 +0530 (Fri, 03 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to DDL, Server : Security : Privileges,\n Server : Security : Encryption, InnoDB : DML.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows an\n 
authenticated remote attacker to cause a denial of service.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.41 and earlier,\n and 5.6.22 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from below link,\n http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\",\"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\nmysqlVer = \"\";\nsqlPort = \"\";\n\n## Get Port\nif(!sqlPort = get_app_port(cpe:CPE))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n }\n}\n\n## Get version\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(-1);\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.41\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.22\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:45:22"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2568", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2573"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": 
"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "cf06d710b8f192e783aeda8348fb5166dfd96cb3fa2bc7d19e2bd743808d2339", "hashmap": [{"hash": "776cf6c16176cd68ade3f9822c26461f", "key": "cvelist"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "7d1d448093cfc442bca9f9aad9f9dbff", "key": "sourceData"}, {"hash": "c69565fbdbc4b229002909d263e7e6bf", "key": "description"}, {"hash": "fcf0306dd969c48970baf9ed3730de53", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "6981315f1ce834193c007c6f0ad98d43", "key": "pluginID"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "e49f41fbad330d4c471496946b37aa62", "key": "published"}, {"hash": "ec66f0eeffca639d554256cb0342629d", "key": "href"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "fd16da6e3d81eb446bea6ffa20f7a7d4", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808145", "id": "OPENVAS:1361412562310808145", "lastseen": "2018-08-30T19:20:40", "modified": "2017-10-24T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310808145", "published": "2016-06-03T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln33_jun16_lin.nasl 7545 2017-10-24 11:45:30Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# 
Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808145\");\n script_version(\"$Revision: 7545 $\");\n script_cve_id(\"CVE-2015-2573\", \"CVE-2015-2568\", \"CVE-2015-0441\", \"CVE-2015-0433\");\n script_bugtraq_id(74078, 74073, 74103, 74089);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:45:30 +0200 (Tue, 24 Oct 2017) $\");\n\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:38 +0530 (Fri, 03 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related 
to DDL, Server : Security : Privileges,\n Server : Security : Encryption, InnoDB : DML.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows an\n authenticated remote attacker to cause a denial of service.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.41 and earlier,\n and 5.6.22 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from below link,\n http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\",\"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\nmysqlVer = \"\";\nsqlPort = \"\";\n\n## Get Port\nif(!sqlPort = get_app_port(cpe:CPE))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n }\n}\n\n## Get version\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(-1);\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.41\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.22\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:20:40"}, {"bulletin": 
{"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2568", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-2573"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "edition": 1, "enchantments": {}, "hash": "c860f6d023c05c67be38d7de97b2f273d1c6392f1646a414eadd1a7be059ff25", "hashmap": [{"hash": "776cf6c16176cd68ade3f9822c26461f", "key": "cvelist"}, {"hash": "c69565fbdbc4b229002909d263e7e6bf", "key": "description"}, {"hash": "fcf0306dd969c48970baf9ed3730de53", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "6981315f1ce834193c007c6f0ad98d43", "key": "pluginID"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "e49f41fbad330d4c471496946b37aa62", "key": "published"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "ec66f0eeffca639d554256cb0342629d", "key": "href"}, {"hash": "ea106ff9c2727a6e906e8959871e7c06", "key": "reporter"}, {"hash": "fd16da6e3d81eb446bea6ffa20f7a7d4", "key": "title"}, {"hash": "d948560e12e31052d4d40e4de5c4b1e8", "key": "modified"}, {"hash": "270f17ae59580083df64982b277a0379", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808145", "id": "OPENVAS:1361412562310808145", "lastseen": "2017-07-02T21:12:51", "modified": "2017-04-06T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310808145", "published": "2016-06-03T00:00:00", "references": ["http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"], "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln33_jun16_lin.nasl 5877 2017-04-06 
09:01:48Z teissa $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808145\");\n script_version(\"$Revision: 5877 $\");\n script_cve_id(\"CVE-2015-2573\", \"CVE-2015-2568\", \"CVE-2015-0441\", \"CVE-2015-0433\");\n script_bugtraq_id(74078, 74073, 74103, 74089);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-06 11:01:48 +0200 (Thu, 06 Apr 2017) $\");\n\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:38 +0530 (Fri, 03 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of\n detect NVT 
and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to DDL, Server : Security : Privileges,\n Server : Security : Encryption, InnoDB : DML.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows an\n authenticated remote attacker to cause a denial of service.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.41 and earlier,\n and 5.6.22 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from below link,\n http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\",\"Host/runs_unixoide\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\nmysqlVer = \"\";\nsqlPort = \"\";\n\nif(host_runs(\"Linux\") != \"yes\"){\n exit(0);\n}\n\n## Get Port\nif(!sqlPort = get_app_port(cpe:CPE))\n{\n CPE = \"cpe:/a:mysql:mysql\";\n if(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n }\n}\n\n## Get version\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(-1);\n}\n\nif(mysqlVer =~ \"^(5\\.(5|6))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.41\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.22\"))\n {\n report = 'Installed version: ' + mysqlVer + '\\n';\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", 
"title": "Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:12:51"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "776cf6c16176cd68ade3f9822c26461f"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "description", "hash": "c69565fbdbc4b229002909d263e7e6bf"}, {"key": "href", "hash": "ec66f0eeffca639d554256cb0342629d"}, {"key": "modified", "hash": "de6c54194cb6f640b1e75f710a6f9167"}, {"key": "naslFamily", "hash": "ea2ef9b0d095bf991f4973633b485340"}, {"key": "pluginID", "hash": "6981315f1ce834193c007c6f0ad98d43"}, {"key": "published", "hash": "e49f41fbad330d4c471496946b37aa62"}, {"key": "references", "hash": "fcf0306dd969c48970baf9ed3730de53"}, {"key": "reporter", "hash": "ea106ff9c2727a6e906e8959871e7c06"}, {"key": "sourceData", "hash": "24e08e4149552ff45c36c28040859422"}, {"key": "title", "hash": "fd16da6e3d81eb446bea6ffa20f7a7d4"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "c07bd9c221426906f6a5a629844e1ffba12f2ff336bd867dfff75ba3ee7d8462", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-2573", "CVE-2015-2568", "CVE-2015-0433", "CVE-2015-0441"]}, {"type": "nessus", "idList": ["MARIADB_5_5_42.NASL", "SLACKWARE_SSA_2015-132-01.NASL", "DEBIAN_DSA-3229.NASL", "SLACKWARE_SSA_2015-132-02.NASL", "UBUNTU_USN-2575-1.NASL", "MYSQL_5_6_23.NASL", "SUSE_SU-2015-1273-1.NASL", "REDHAT-RHSA-2015-1665.NASL", "CENTOS_RHSA-2015-1665.NASL", "SL_20150824_MARIADB_ON_SL7_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805171", "OPENVAS:1361412562310703229", "OPENVAS:703229", "OPENVAS:1361412562310842173", "OPENVAS:1361412562310850932", "OPENVAS:703311", "OPENVAS:1361412562310882257", "OPENVAS:1361412562310121400", "OPENVAS:1361412562310123020", 
"OPENVAS:1361412562310871435"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3229-1:98A45", "DEBIAN:DSA-3311-1:6679E"]}, {"type": "slackware", "idList": ["SSA-2015-132-01", "SSA-2015-132-02"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32349", "SECURITYVULNS:VULN:14393"]}, {"type": "ubuntu", "idList": ["USN-2575-1"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1273-1", "OPENSUSE-SU-2015:1216-1", "SUSE-SU-2015:0946-1"]}, {"type": "centos", "idList": ["CESA-2015:1665", "CESA-2015:1628"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1665", "ELSA-2015-1628"]}, {"type": "redhat", "idList": ["RHSA-2015:1647", "RHSA-2015:1665", "RHSA-2015:1629", "RHSA-2015:1628"]}, {"type": "gentoo", "idList": ["GLSA-201507-19"]}, {"type": "f5", "idList": ["F5:K17115", "SOL17115"]}, {"type": "kaspersky", "idList": ["KLA10553"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015-2365600", "ORACLE:CPUOCT2016-2881722"]}], "modified": "2019-05-29T18:34:55"}, "score": {"value": 5.7, "vector": "NONE", "modified": "2019-05-29T18:34:55"}, "vulnersScore": 5.7}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln33_jun16_lin.nasl 12983 2019-01-08 15:30:19Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-22 Jun16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808145\");\n script_version(\"$Revision: 12983 $\");\n script_cve_id(\"CVE-2015-2573\", \"CVE-2015-2568\", \"CVE-2015-0441\", \"CVE-2015-0433\");\n script_bugtraq_id(74078, 74073, 74103, 74089);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-08 16:30:19 +0100 (Tue, 08 Jan 2019) $\");\n\n script_tag(name:\"creation_date\", value:\"2016-06-03 13:42:38 +0530 (Fri, 03 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-33 Jun16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to DDL, Server : Security : Privileges,\n Server : Security : Encryption, InnoDB : DML.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allows an\n authenticated remote attacker to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.41 and earlier,\n and 5.6.22 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_all_app_ports_from_list(cpe_list:cpe_list)) exit( 0 );\nCPE = infos['cpe'];\nsqlPort = infos['port'];\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\nmysqlPath = infos['location'];\n\nif(mysqlVer =~ \"^5\\.[56]\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.41\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.22\"))\n {\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version:\"Apply the patch\", install_path:mysqlPath);\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n\nexit(99);", "naslFamily": "Databases", "pluginID": "1361412562310808145", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:14:40", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.", "modified": "2019-02-05T17:49:00", "id": "CVE-2015-2573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2573", "published": "2015-04-16T17:00:00", "title": "CVE-2015-2573", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:40", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.", "modified": "2019-02-05T17:45:00", "id": "CVE-2015-2568", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2568", "published": "2015-04-16T17:00:00", "title": "CVE-2015-2568", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.", "modified": "2019-02-01T17:51:00", "id": "CVE-2015-0441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0441", "published": "2015-04-16T16:59:00", "title": "CVE-2015-0441", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:39", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.", "modified": "2019-02-01T18:04:00", "id": "CVE-2015-0433", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0433", "published": "2015-04-16T16:59:00", "title": "CVE-2015-0433", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-11-03T11:38:02", "bulletinFamily": "scanner", "description": "The version of MariaDB running of remote host is 5.5.0 prior to\n5.5.42. It is, therefore, affected by multiple vulnerabilities", "modified": "2019-11-02T00:00:00", "id": "MARIADB_5_5_42.NASL", "href": "https://www.tenable.com/plugins/nessus/121190", "published": "2019-01-16T00:00:00", "title": "MariaDB 5.5.0 < 5.5.42 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121190);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\n \"CVE-2015-0433\",\n \"CVE-2015-0441\",\n \"CVE-2015-2568\",\n \"CVE-2015-2573\"\n );\n\n script_name(english:\"MariaDB 5.5.0 < 5.5.42 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mariadb.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running of remote host is 5.5.0 prior to\n5.5.42. 
It is, therefore, affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.tokutek.com/tokudb/tokudb-release-notes.html#tokudb-7-5-5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://mariadb.org\");\n script_set_attribute(attribute:\"see_also\", value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568\");\n script_set_attribute(attribute:\"see_also\", value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573\");\n script_set_attribute(attribute:\"see_also\", value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433\");\n script_set_attribute(attribute:\"see_also\", value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-5542-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 5.5.42 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2568\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Service/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant: 'MariaDB', min:'5.5.0-MariaDB', fixed:make_list('5.5.42-MariaDB'), severity:SECURITY_WARNING);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:30:58", "bulletinFamily": "scanner", "description": "Multiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues. MySQL has\nbeen updated to 5.5.43.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-2575-1.NASL", "href": "https://www.tenable.com/plugins/nessus/82993", "published": "2015-04-22T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2575-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2575-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82993);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:44\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"USN\", value:\"2575-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mysql-5.5 vulnerabilities (USN-2575-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes a new upstream MySQL version to fix these issues. MySQL has\nbeen updated to 5.5.43.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.h\ntml.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2575-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql-server-5.5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.43-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.43-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.43-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:10:48", "bulletinFamily": "scanner", "description": "New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.", "modified": "2019-11-02T00:00:00", "id": "SLACKWARE_SSA_2015-132-01.NASL", "href": "https://www.tenable.com/plugins/nessus/83371", "published": "2015-05-13T00:00:00", "title": "Slackware 14.1 / current : mariadb (SSA:2015-132-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-132-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83371);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/07/19 04:39:47 $\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"SSA\", value:\"2015-132-01\");\n\n script_name(english:\"Slackware 14.1 / current : mariadb (SSA:2015-132-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.381697\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dea9c396\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mariadb\", pkgver:\"10.0.18\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.18\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:21:21", "bulletinFamily": "scanner", 
"description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-3229.NASL", "href": "https://www.tenable.com/plugins/nessus/82865", "published": "2015-04-20T00:00:00", "title": "Debian DSA-3229-1 : mysql-5.5 - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3229. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82865);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"DSA\", value:\"3229\");\n\n script_name(english:\"Debian DSA-3229-1 : mysql-5.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.43. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details :\n\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -42.html\n -\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5\n -43.html\n\n -\n http://www.oracle.com/technetwork/topics/security/cpuapr\n 2015-2365600.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56618dc1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mysql-5.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3229\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-5.5 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 5.5.43-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. 
Updated packages are already\navailable through jessie-security.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient-dev\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqlclient18\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-dev\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmysqld-pic\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client\", 
reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-client-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-common\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-server-core-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-source-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mysql-testsuite-5.5\", reference:\"5.5.43-0+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:10:48", "bulletinFamily": "scanner", "description": "New mysql packages are available for Slackware 14.0 to fix security\nissues.", "modified": "2019-11-02T00:00:00", "id": "SLACKWARE_SSA_2015-132-02.NASL", "href": "https://www.tenable.com/plugins/nessus/83372", "published": "2015-05-13T00:00:00", "title": "Slackware 14.0 : mysql (SSA:2015-132-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-132-02. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83372);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/07/19 04:39:47 $\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"SSA\", value:\"2015-132-02\");\n\n script_name(english:\"Slackware 14.0 : mysql (SSA:2015-132-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mysql packages are available for Slackware 14.0 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.339829\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?587c1012\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"mysql\", pkgver:\"5.5.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"mysql\", pkgver:\"5.5.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:18:17", "bulletinFamily": "scanner", "description": "This update fixes the following security issues :\n\n - Logjam attack: mysql uses 512 bit dh groups in SSL\n [bnc#934789]\n\n - CVE-2015-3152: mysql --ssl does not enforce SSL\n [bnc#924663]\n\n - CVE-2014-8964: heap buffer overflow [bnc#906574]\n\n - CVE-2015-2325: heap buffer overflow in compile_branch()\n [bnc#924960]\n\n - CVE-2015-2326: heap buffer overflow in pcre_compile2()\n [bnc#924961]\n\n - CVE-2015-0501: 
unspecified vulnerability related to\n Server:Compiling (CPU April 2015)\n\n - CVE-2015-2571: unspecified vulnerability related to\n Server:Optimizer (CPU April 2015)\n\n - CVE-2015-0505: unspecified vulnerability related to\n Server:DDL (CPU April 2015)\n\n - CVE-2015-0499: unspecified vulnerability related to\n Server:Federated (CPU April 2015)\n\n - CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n\n - CVE-2015-2573: unspecified vulnerability related to\n Server:DDL (CPU April 2015)\n\n - CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n\n - CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2015-1273-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84913", "published": "2015-07-22T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1273-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84913);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/09/11 11:22:12\");\n\n script_cve_id(\"CVE-2014-8964\", \"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-3152\");\n script_bugtraq_id(71206, 74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115, 74398, 75174, 75175);\n\n 
script_name(english:\"SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:1273-1) (BACKRONYM)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - Logjam attack: mysql uses 512 bit dh groups in SSL\n [bnc#934789]\n\n - CVE-2015-3152: mysql --ssl does not enforce SSL\n [bnc#924663]\n\n - CVE-2014-8964: heap buffer overflow [bnc#906574]\n\n - CVE-2015-2325: heap buffer overflow in compile_branch()\n [bnc#924960]\n\n - CVE-2015-2326: heap buffer overflow in pcre_compile2()\n [bnc#924961]\n\n - CVE-2015-0501: unspecified vulnerability related to\n Server:Compiling (CPU April 2015)\n\n - CVE-2015-2571: unspecified vulnerability related to\n Server:Optimizer (CPU April 2015)\n\n - CVE-2015-0505: unspecified vulnerability related to\n Server:DDL (CPU April 2015)\n\n - CVE-2015-0499: unspecified vulnerability related to\n Server:Federated (CPU April 2015)\n\n - CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n\n - CVE-2015-2573: unspecified vulnerability related to\n Server:DDL (CPU April 2015)\n\n - CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n\n - CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=906574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0441/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0499/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0501/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2325/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2326/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2568/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2571/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2573/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3152/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151273-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb0c49d8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-332=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-332=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-332=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", 
cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.20-18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.20-18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:57:27", "bulletinFamily": "scanner", "description": "The version of MySQL running on the remote host is version 5.5.x\nprior to 5.5.42 or version 5.6.x prior to 5.6.23. 
It is, therefore,\npotentially affected by multiple denial of service vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received.", "modified": "2019-11-02T00:00:00", "id": "MYSQL_5_6_23.NASL", "href": "https://www.tenable.com/plugins/nessus/82799", "published": "2015-04-15T00:00:00", "title": "MySQL 5.5.x < 5.5.42 / 5.6.x < 5.6.23 Multiple DoS Vulnerabilities (April 2015 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82799);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2015-0405\",\n \"CVE-2015-0423\",\n \"CVE-2015-0433\",\n \"CVE-2015-0438\",\n \"CVE-2015-0439\",\n \"CVE-2015-0441\",\n \"CVE-2015-2566\",\n \"CVE-2015-2568\",\n \"CVE-2015-2573\"\n );\n script_bugtraq_id(\n 71934,\n 74073,\n 74078,\n 74085,\n 74089,\n 74091,\n 74098,\n 74103,\n 74110,\n 74126\n );\n\n script_name(english:\"MySQL 5.5.x < 5.5.42 / 5.6.x < 5.6.23 Multiple DoS Vulnerabilities (April 2015 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple denial of service\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is version 5.5.x\nprior to 5.5.42 or version 5.6.x prior to 5.6.23. It is, therefore,\npotentially affected by multiple denial of service vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. 
(CVE-2014-3569)\n\n - Additionally, there are unspecified flaws in the\n following MySQL subcomponents that allow a denial of\n service by an authenticated, remote attacker :\n\n - XA (CVE-2015-0405)\n - Optimizer (CVE-2015-0423)\n - InnoDB : DML (CVE-2015-0433)\n - Partition (CVE-2015-0438)\n - InnoDB (CVE-2015-0439)\n - Security : Encryption (CVE-2015-0441)\n - DML (CVE-2015-2566)\n - Security : Privileges (CVE-2015-2568)\n - DDL (CVE-2015-2573)\");\n # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?915d056a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.42 / 5.6.23 or later as referenced in the\nOracle April 2015 Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/15\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\nmysql_check_version(fixed:make_list('5.5.42', '5.6.23'), severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:21:22", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.20. Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10017-release-\n notes/\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10018-release-\n notes/\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10019-release-\n notes/\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10020-release-\n notes/", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-3311.NASL", "href": "https://www.tenable.com/plugins/nessus/84839", "published": "2015-07-20T00:00:00", "title": "Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3311. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84839);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\", \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_bugtraq_id(74070, 74073, 74078, 74089, 74095, 74103, 74112, 74115);\n script_xref(name:\"DSA\", value:\"3311\");\n\n script_name(english:\"Debian DSA-3311-1 : mariadb-10.0 - security update (BACKRONYM)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.20. 
Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10017-release-\n notes/\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10018-release-\n notes/\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10019-release-\n notes/\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10020-release-\n notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10017-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10018-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10019-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10020-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mariadb-10.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3311\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mariadb-10.0 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 10.0.20-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mariadb-10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmariadbd-dev\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-core-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-common\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-connect-engine-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-oqgraph-engine-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"mariadb-server\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-core-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test\", reference:\"10.0.20-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test-10.0\", reference:\"10.0.20-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:40:39", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201507-19\n(MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could send a specially crafted request, possibly\n resulting in execution of arbitrary code with the privileges of the\n application or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201507-19.NASL", "href": "https://www.tenable.com/plugins/nessus/86088", "published": "2015-09-23T00:00:00", "title": "GLSA-201507-19 : MySQL: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201507-19.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86088);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/09/23 14:26:24 $\");\n\n script_cve_id(\"CVE-2015-0405\", \"CVE-2015-0423\", \"CVE-2015-0433\", \"CVE-2015-0438\", \"CVE-2015-0439\", \"CVE-2015-0441\", \"CVE-2015-0498\", \"CVE-2015-0499\", \"CVE-2015-0500\", \"CVE-2015-0501\", \"CVE-2015-0503\", \"CVE-2015-0505\", \"CVE-2015-0506\", \"CVE-2015-0507\", \"CVE-2015-0508\", \"CVE-2015-0511\", \"CVE-2015-2566\", \"CVE-2015-2567\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_bugtraq_id(70574, 72132, 72136, 72137, 72140, 72142, 72148, 72150, 72154, 72155, 72159, 72162, 72165, 72168, 72169, 72173, 72175, 72176, 74070, 74073, 74078, 74081, 74085, 74086, 74089, 74091, 74095, 74098, 74102, 74103, 74110, 74112, 74115, 74120, 74121, 74123, 74126, 74130, 74133);\n script_xref(name:\"GLSA\", value:\"201507-19\");\n\n script_name(english:\"GLSA-201507-19 : MySQL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201507-19\n(MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could send a specially crafted request, possibly\n resulting in execution of arbitrary code with the privileges of the\n application or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201507-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MySQL 5.5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.5.43'\n All MySQL 5.6.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.6.24'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"rge 5.5.43\", \"ge 5.6.24\"), vulnerable:make_list(\"lt 5.6.24\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T03:14:34", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1665 :\n\nUpdated mariadb packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not\nrequire a client to use SSL/TLS when establishing a secure connection\nto a MySQL server using the ", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-1665.NASL", "href": "https://www.tenable.com/plugins/nessus/85612", "published": "2015-08-25T00:00:00", "title": "Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1665 and \n# Oracle Linux Security Advisory ELSA-2015-1665 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85612);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\", \"CVE-2015-4864\");\n script_xref(name:\"RHSA\", value:\"2015:1665\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1665 :\n\nUpdated mariadb packages that fix several security issues are now\navailable for Red Hat 
Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not\nrequire a client to use SSL/TLS when establishing a secure connection\nto a MySQL server using the '--ssl' option. A man-in-the-middle\nattacker could use this flaw to strip the SSL/TLS protection from a\nconnection between a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571,\nCVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573,\nCVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648,\nCVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete\nlist of changes.\n\nAll MariaDB users should upgrade to these updated packages, which\ncorrect these issues. 
After installing this update, the MariaDB server\ndaemon (mysqld) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005358.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.44-1.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.44-1.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2019-01-08T00:00:00", "published": "2015-04-22T00:00:00", "id": "OPENVAS:1361412562310805171", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805171", "title": "Oracle MySQL Multiple Unspecified vulnerabilities-02 Apr15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_unspecified_vuln02_apr15_win.nasl 12983 2019-01-08 15:30:19Z cfischer $\n#\n# Oracle MySQL Multiple Unspecified vulnerabilities-02 Apr15 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805171\");\n script_version(\"$Revision: 12983 $\");\n script_cve_id(\"CVE-2015-2573\", \"CVE-2015-2568\", \"CVE-2015-0441\", \"CVE-2015-0433\");\n script_bugtraq_id(74078, 74073, 74103, 74089);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-08 16:30:19 +0100 (Tue, 08 Jan 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 13:09:23 +0530 (Wed, 22 Apr 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Oracle MySQL Multiple Unspecified vulnerabilities-02 Apr15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors in the MySQL Server\n component via unknown vectors related to DDL, Server : Security : Privileges,\n Server : Security : Encryption, InnoDB : DML.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n authenticated remote attacker to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.5.41 and earlier,\n and 5.6.22 and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:mysql:mysql\", \"cpe:/a:oracle:mysql\" );\n\nif(!infos = get_all_app_ports_from_list(cpe_list:cpe_list)) exit( 0 );\nCPE = infos['cpe'];\nsqlPort = infos['port'];\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\nmysqlPath = infos['location'];\n\nif(mysqlVer =~ \"^5\\.[56]\\.\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.5\", test_version2:\"5.5.41\")||\n version_in_range(version:mysqlVer, test_version:\"5.6\", test_version2:\"5.6.22\"))\n {\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version:\"Apply the patch\", install_path:mysqlPath);\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:53:42", "bulletinFamily": "scanner", "description": "Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.43. 
Please see the MySQL 5.5 Release Notes and\nOracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "modified": "2017-07-07T00:00:00", "published": "2015-04-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703229", "id": "OPENVAS:703229", "title": "Debian Security Advisory DSA 3229-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3229.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3229-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703229);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_name(\"Debian Security Advisory DSA 3229-1 (mysql-5.5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-19 00:00:00 +0200 (Sun, 19 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3229.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mysql-5.5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"MySQL is a fast, stable and true\nmulti-user, multi-threaded SQL database server.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.5.43-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. 
Updated packages are already available\nthrough jessie-security.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.43. Please see the MySQL 5.5 Release Notes and\nOracle's Critical Patch Update advisory for further details:\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", 
ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.43-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-04-22T00:00:00", "id": "OPENVAS:1361412562310842173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842173", "title": "Ubuntu Update for mysql-5.5 USN-2575-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for mysql-5.5 USN-2575-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842173\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:23:53 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mysql-5.5 USN-2575-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-5.5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered\nin MySQL and this update includes a new upstream MySQL version to fix these issues.\nMySQL has been updated to 5.5.43.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\");\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_tag(name:\"affected\", value:\"mysql-5.5 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2575-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2575-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:02", "bulletinFamily": "scanner", "description": "Several issues have been discovered\nin the MySQL database server. 
The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.43.", "modified": "2019-03-18T00:00:00", "published": "2015-04-19T00:00:00", "id": "OPENVAS:1361412562310703229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703229", "title": "Debian Security Advisory DSA 3229-1 (mysql-5.5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3229.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3229-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703229\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\");\n script_name(\"Debian Security Advisory DSA 3229-1 (mysql-5.5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-19 00:00:00 +0200 (Sun, 19 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3229.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"mysql-5.5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.5.43-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. 
Updated packages are already available\nthrough jessie-security.\n\nWe recommend that you upgrade your mysql-5.5 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered\nin the MySQL database server. The vulnerabilities are addressed by upgrading MySQL\nto the new upstream version 5.5.43.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmysqlclient-dev\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:amd64\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqlclient18:i386\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-dev\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmysqld-pic\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-client-5.5\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-5.5\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-server-core-5.5\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-source-5.5\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"mysql-testsuite-5.5\", ver:\"5.5.43-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850932", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850932", "title": "SuSE Update for mariadb SUSE-SU-2015:1273-1 (mariadb)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_1273_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for mariadb SUSE-SU-2015:1273-1 (mariadb)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850932\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:39:25 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-8964\", \"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-3152\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for mariadb SUSE-SU-2015:1273-1 (mariadb)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update fixes the following security issues:\n\n * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]\n\n * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]\n\n * CVE-2014-8964: heap buffer overflow [bnc#906574]\n\n * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]\n\n * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]\n\n * CVE-2015-0501: unspecified vulnerability related to Server:Compiling\n (CPU April 2015)\n\n * CVE-2015-2571: unspecified vulnerability related to 
Server:Optimizer\n (CPU April 2015)\n\n * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n\n * CVE-2015-0499: unspecified vulnerability related to Server:Federated\n (CPU April 2015)\n\n * CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n\n * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n\n * CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n\n * CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\");\n script_tag(name:\"affected\", value:\"mariadb on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1273_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.20~18.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"SLES12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.20~18.1\", rls:\"SLES12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "scanner", "description": 
"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20.", "modified": "2019-03-18T00:00:00", "published": "2015-07-20T00:00:00", "id": "OPENVAS:1361412562310703311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703311", "title": "Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3311.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3311-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703311\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\",\n \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_name(\"Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-20 00:00:00 +0200 (Mon, 20 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3311.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mariadb-10.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions.\n\nWe recommend that you upgrade your 
mariadb-10.0 packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.20-0+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "description": "Check the version of mariadb", "modified": "2019-03-08T00:00:00", "published": "2015-08-26T00:00:00", "id": "OPENVAS:1361412562310882257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882257", "title": "CentOS Update for mariadb CESA-2015:1665 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mariadb CESA-2015:1665 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882257\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\",\n \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-26 09:18:59 +0200 (Wed, 26 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for mariadb CESA-2015:1665 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of mariadb\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require\na client to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the '--ssl' option. A man-in-the-middle attacker\ncould use this flaw to strip the SSL/TLS protection from a connection\nbetween a client and a server. 
(CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mariadb on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1665\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021345.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.44~1.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'mariadb' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2015-08-25T00:00:00", "id": "OPENVAS:1361412562310871435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871435", "title": "RedHat Update for mariadb RHSA-2015:1665-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mariadb RHSA-2015:1665-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871435\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\",\n \"CVE-2015-3152\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-25 07:59:09 +0200 (Tue, 25 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for mariadb RHSA-2015:1665-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require\na client to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the 
'--ssl' option. A man-in-the-middle attacker\ncould use this flaw to strip the SSL/TLS protection from a connection\nbetween a client and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"mariadb on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1665-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-August/msg00040.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.44~1.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": 
{"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1665", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123020", "title": "Oracle Linux Local Check: ELSA-2015-1665", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1665.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123020\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1665\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1665 - mariadb security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1665\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1665.html\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\", \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\", \"CVE-2015-2582\", \"CVE-2015-2620\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-4737\", \"CVE-2015-4752\", \"CVE-2015-4757\", \"CVE-2015-3152\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security 
Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-devel\", rpm:\"mariadb-devel~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded\", rpm:\"mariadb-embedded~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-embedded-devel\", rpm:\"mariadb-embedded-devel~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-libs\", rpm:\"mariadb-libs~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-server\", rpm:\"mariadb-server~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~5.5.44~1.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:53:19", "bulletinFamily": "scanner", "description": "Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/", "modified": "2017-07-07T00:00:00", "published": "2015-07-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703311", "id": "OPENVAS:703311", "title": "Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3311.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3311-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703311);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0433\", \"CVE-2015-0441\", \"CVE-2015-0499\", \"CVE-2015-0501\",\n \"CVE-2015-0505\", \"CVE-2015-2568\", \"CVE-2015-2571\", \"CVE-2015-2573\",\n \"CVE-2015-2582\", \"CVE-2015-2643\", \"CVE-2015-2648\", \"CVE-2015-3152\",\n \"CVE-2015-4752\", \"CVE-2015-4757\");\n script_name(\"Debian Security Advisory DSA 3311-1 (mariadb-10.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-20 00:00:00 +0200 (Mon, 20 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:M/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3311.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mariadb-10.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\");\n 
script_tag(name: \"summary\", value: \"Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\nhttps://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmariadbd-dev\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-client-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-common\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-connect-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-oqgraph-engine-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-server-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"mariadb-server-core-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mariadb-test-10.0\", ver:\"10.0.20-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:10", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3311-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 20, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mariadb-10.0\nCVE ID : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501\n CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573\n CVE-2015-3152\n\nSeveral issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. 
Please see the MariaDB 10.0 Release Notes for further\ndetails:\n\n https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\nhttps://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions.\n\nWe recommend that you upgrade your mariadb-10.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-07-20T05:25:59", "published": "2015-07-20T05:25:59", "id": "DEBIAN:DSA-3311-1:6679E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00207.html", "title": "[SECURITY] [DSA 3311-1] mariadb-10.0 security update", "type": "debian", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T02:21:29", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3229-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nApril 19, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-5.5\nCVE ID : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 \n CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573\nDebian Bug : 782645\n\nSeveral issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.43. 
Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\nhttps://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.43-0+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. Updated packages are already available\nthrough jessie-security.\n\nWe recommend that you upgrade your mysql-5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-04-19T06:03:14", "published": "2015-04-19T06:03:14", "id": "DEBIAN:DSA-3229-1:98A45", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00117.html", "title": "[SECURITY] [DSA 3229-1] mysql-5.5 security update", "type": "debian", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:00", "bulletinFamily": "unix", "description": "New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/mariadb-5.5.43-i486-1_slack14.1.txz: Upgraded.\n This update contains security fixes and improvements.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.43-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.0.18-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.0.18-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\n17905b4257617eb8b1dc8dd128959b02 mariadb-5.5.43-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89560390c29526d793ccbbf18807c09f mariadb-5.5.43-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n6ff4004dedd522fcd7de14a7b4d8f3be ap/mariadb-10.0.18-i586-1.txz\n\nSlackware x86_64 -current package:\n91b13958f3ab6bc8fe2b89d2b06d98dd ap/mariadb-10.0.18-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-5.5.43-i486-1_slack14.1.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2015-05-12T00:24:00", "published": "2015-05-12T00:24:00", "id": "SSA-2015-132-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.381697", "title": "mariadb", "type": "slackware", "cvss": {"score": 5.7, "vector": 
"AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T07:37:21", "bulletinFamily": "unix", "description": "New mysql packages are available for Slackware 14.0 to fix security issues.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/mysql-5.5.43-i486-1_slack14.0.txz: Upgraded.\n This update contains security fixes and improvements.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mysql-5.5.43-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mysql-5.5.43-x86_64-1_slack14.0.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n758c941ee676f5a5ad0fb89c7f158ff7 mysql-5.5.43-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n8ac068f9d30a39bf245061fa15d98d82 mysql-5.5.43-x86_64-1_slack14.0.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mysql-5.5.43-i486-1_slack14.0.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2015-05-12T00:24:16", "published": "2015-05-12T00:24:16", "id": "SSA-2015-132-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.339829", "title": "mysql", "type": "slackware", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:24", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. 
MySQL has been updated to 5.5.43.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html> <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html> <http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html>", "modified": "2015-04-21T00:00:00", "published": "2015-04-21T00:00:00", "id": "USN-2575-1", "href": "https://usn.ubuntu.com/2575-1/", "title": "MySQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3311-1 security@debian.org\r\nhttps://www.debian.org/security/ Salvatore Bonaccorso\r\nJuly 20, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : mariadb-10.0\r\nCVE ID : CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501\r\n CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573\r\n CVE-2015-3152\r\n\r\nSeveral issues have been discovered in the MariaDB database server. The\r\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\r\nversion 10.0.20. 
Please see the MariaDB 10.0 Release Notes for further\r\ndetails:\r\n\r\n https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\r\n https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\r\n https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\r\n https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 10.0.20-0+deb8u1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 10.0.20-1 or earlier versions.\r\n\r\nWe recommend that you upgrade your mariadb-10.0 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJVrIYBAAoJEAVMuPMTQ89EdIAQAJdlVgw+55A0llZY8DhqZg6D\r\nR8gNis9vRgbGDRx10fO18q4gprPfK64bh5GoEf7CCI+WOW0E+JyxgJzdPISOKjGz\r\nGTcgBZ2dzjv283vkHD5uWFJcdwIpLO0R3pyjqKZWCURm8UpjrF4e9gUG64ZuC1eV\r\nGvTkdFwgtj15STidIpDXx9lrHAdTsdnhUb4H2OVfvGlkgqxMipOsVldOYemJsUKE\r\n1AqObB+Rqtkk++tf3xU5TnR6wWLMBKGjFsofVBcbhwGy58IH8o2m9sG0/0IBVmUP\r\naoXzTEZVU2ou32hIhcoVoGMn4FfKxOfE9aU2YTLkAhzkv0AZKFNQnB0owXxOZLBe\r\nHV8LhDFPQTSzHqYspkOj1vD9DAifMayrPayBnbkkAcCh2cMp7Eciso6tKhiZyQFU\r\n4Gts0Kh8n3Qh1yOrKhkP9yR0Kp2jJSIJ7TRm1YK0+Z4hFsms4hS6luI1nwwtKVrg\r\nrqTsYRvUucVFSi7yrvwnzuh6R875qvgNGhpN4pskJ1T+yafu1QRtloWEoD/ilG97\r\nAYvKmi4JID4tswnxzRMAzIQ69114rBEpfh5mPe92ScfLlmdDch+HotQjv7yPZBAv\r\niY5EUKBLATmPNf0gzbeZQxu4EhjqWEWI/v9E77xRfYPUPugx/Zs+TZJ3t1knaGCK\r\njAGWX7MbCQGk0QrAWeo0\r\n=f+xe\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-07-20T00:00:00", "published": "2015-07-20T00:00:00", "id": "SECURITYVULNS:DOC:32349", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32349", "title": "[SECURITY] [DSA 3311-1] mariadb-10.0 security 
update", "type": "securityvulns", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "description": "Over 90 different vulnerabilities are fixed in quarterly update.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "SECURITYVULNS:VULN:14393", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14393", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:28:41", "bulletinFamily": "unix", "description": "This update fixes the following security issues:\n * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]\n * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]\n * CVE-2014-8964: heap buffer overflow [bnc#906574]\n * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]\n * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]\n * CVE-2015-0501: unspecified vulnerability related to Server:Compiling\n (CPU April 2015)\n * CVE-2015-2571: unspecified vulnerability related to Server:Optimizer\n (CPU April 2015)\n * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n * CVE-2015-0499: unspecified vulnerability related to Server:Federated\n (CPU April 2015)\n * CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n * CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n * CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\n\n", "modified": "2015-07-21T16:08:23", "published": "2015-07-21T16:08:23", "id": "SUSE-SU-2015:1273-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00036.html", "type": "suse", "title": "Security update for mariadb (important)", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:36", "bulletinFamily": "unix", "description": "MariaDB was updated to its current minor version, fixing bugs and security\n issues.\n\n These updates include a fix for Logjam (CVE-2015-4000), making MariaDB\n work with client software that no longer allows short DH groups over SSL,\n as e.g.\n our current openssl packages.\n\n On openSUSE 13.1, MariaDB was updated to 5.5.44.\n\n On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.\n\n Please read the release notes of MariaDB\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/</a> for more\n information.\n\n", "modified": "2015-07-09T17:08:05", "published": 
"2015-07-09T17:08:05", "id": "OPENSUSE-SU-2015:1216-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00020.html", "title": "Security update for MariaDB (important)", "type": "suse", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:42", "bulletinFamily": "unix", "description": "MySQL was updated to version 5.5.43 to fix several security and non\n security issues:\n\n * CVEs fixed: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571,\n CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205,\n CVE-2015-0206, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433,\n CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0498,\n CVE-2015-0499, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503,\n CVE-2015-0505, CVE-2015-0506, CVE-2015-0507, CVE-2015-0508,\n CVE-2015-0511, CVE-2015-2566, CVE-2015-2567, CVE-2015-2568,\n CVE-2015-2571, CVE-2015-2573, CVE-2015-2576.\n * Fix integer overflow in regcomp (Henry Spencer's regex library) for\n excessively long pattern strings. 
(bnc#922043, CVE-2015-2305)\n\n For a comprehensive list of changes, refer to\n <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html</a>> .\n\n Security Issues:\n\n * CVE-2014-3569\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569</a>>\n * CVE-2014-3570\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570</a>>\n * CVE-2014-3571\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571</a>>\n * CVE-2014-3572\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572</a>>\n * CVE-2014-8275\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275</a>>\n * CVE-2015-0204\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204</a>>\n * CVE-2015-0205\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205</a>>\n * CVE-2015-0206\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206</a>>\n * CVE-2015-0405\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0405\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0405</a>>\n * CVE-2015-0423\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0423\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0423</a>>\n * CVE-2015-0433\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433</a>>\n * CVE-2015-0438\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0438\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0438</a>>\n * CVE-2015-0439\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0439\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0439</a>>\n * CVE-2015-0441\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441</a>>\n * CVE-2015-0498\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0498\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0498</a>>\n * CVE-2015-0499\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499</a>>\n * CVE-2015-0500\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0500\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0500</a>>\n * CVE-2015-0501\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501</a>>\n * CVE-2015-0503\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0503\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0503</a>>\n * CVE-2015-0505\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505</a>>\n * CVE-2015-0506\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0506\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0506</a>>\n * CVE-2015-0507\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0507\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0507</a>>\n * CVE-2015-0508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0508</a>>\n * CVE-2015-0511\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0511\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0511</a>>\n * CVE-2015-2566\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2566\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2566</a>>\n * CVE-2015-2567\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2567\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2567</a>>\n * CVE-2015-2568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568</a>>\n * CVE-2015-2571\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571</a>>\n * CVE-2015-2573\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573</a>>\n * CVE-2015-2576\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2576\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2576</a>>\n * CVE-2015-2305\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305</a>>\n\n", "modified": "2015-05-26T15:04:53", "published": "2015-05-26T15:04:53", "id": "SUSE-SU-2015:0946-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", "type": "suse", "title": "Security update for MySQL (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2015-0433,\nCVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568,\nCVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2643, CVE-2015-2648,\nCVE-2015-4752, CVE-2015-4757, CVE-2015-2620, CVE-2015-4737)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:23", "published": "2015-08-17T04:00:00", "id": "RHSA-2015:1629", "href": "https://access.redhat.com/errata/RHSA-2015:1629", "type": "redhat", "title": "(RHSA-2015:1629) Moderate: mysql55-mysql security update", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a\nclient to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker could use\nthis flaw to strip the SSL/TLS protection from a connection between a\nclient and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-04-12T03:33:26", "published": "2015-08-24T04:00:00", "id": "RHSA-2015:1665", "href": "https://access.redhat.com/errata/RHSA-2015:1665", "type": "redhat", "title": "(RHSA-2015:1665) Moderate: mariadb security update", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:04", "bulletinFamily": "unix", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a\nclient to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker could use\nthis flaw to strip the SSL/TLS protection from a connection between a\nclient and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2018-06-13T01:28:25", "published": "2015-08-20T04:00:00", "id": "RHSA-2015:1647", "href": "https://access.redhat.com/errata/RHSA-2015:1647", "type": "redhat", "title": "(RHSA-2015:1647) Moderate: mariadb55-mariadb security update", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2014-6568,\nCVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501,\nCVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,\nCVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752,\nCVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "modified": "2017-09-08T12:13:43", "published": "2015-08-17T04:00:00", "id": "RHSA-2015:1628", "href": "https://access.redhat.com/errata/RHSA-2015:1628", "type": "redhat", "title": "(RHSA-2015:1628) Moderate: mysql55-mysql security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:56", "bulletinFamily": "unix", "description": "### Background\n\nMySQL is a fast, multi-threaded, multi-user SQL database server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL 5.5.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.5.43\"\n \n\nAll MySQL 5.6.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.6.24\"", "modified": "2015-07-10T00:00:00", "published": "2015-07-10T00:00:00", "id": "GLSA-201507-19", "href": "https://security.gentoo.org/glsa/201507-19", "type": "gentoo", "title": "MySQL: Multiple vulnerabilities", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "unix", "description": "[1:5.5.44-1]\n- Rebase to 5.5.44\n Resolves: #1247021", "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "ELSA-2015-1665", "href": "http://linux.oracle.com/errata/ELSA-2015-1665.html", "title": "mariadb security update", "type": "oraclelinux", 
"cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "unix", "description": "[5.5.45-1]\n- Rebase to 5.5.45\n Includes fixes for: CVE-2014-6568 CVE-2015-0374\n CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432\n CVE-2015-0501 CVE-2015-2568 CVE-2015-0499 CVE-2015-2571 CVE-2015-0433\n CVE-2015-0441 CVE-2015-0505 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620\n CVE-2015-2643 CVE-2015-2648 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757\n Resolves: #1247020", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "ELSA-2015-1628", "href": "http://linux.oracle.com/errata/ELSA-2015-1628.html", "title": "mysql55-mysql security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1665\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nIt was found that the MySQL client library permitted but did not require a\nclient to use SSL/TLS when establishing a secure connection to a MySQL\nserver using the \"--ssl\" option. A man-in-the-middle attacker could use\nthis flaw to strip the SSL/TLS protection from a connection between a\nclient and a server. (CVE-2015-3152)\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2015-0501,\nCVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,\nCVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,\nCVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)\n\nThese updated packages upgrade MariaDB to version 5.5.44. 
Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/021345.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1665.html", "modified": "2015-08-25T16:08:22", "published": "2015-08-25T16:08:22", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/021345.html", "id": "CESA-2015:1665", "title": "mariadb security update", "type": "centos", "cvss": {"score": 5.7, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1628\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory pages, listed in the References section. (CVE-2014-6568,\nCVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,\nCVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501,\nCVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,\nCVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752,\nCVE-2015-4757)\n\nThese updated packages upgrade MySQL to version 5.5.45. 
Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/021331.html\n\n**Affected packages:**\nmysql55-mysql\nmysql55-mysql-bench\nmysql55-mysql-devel\nmysql55-mysql-libs\nmysql55-mysql-server\nmysql55-mysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1628.html", "modified": "2015-08-17T15:20:46", "published": "2015-08-17T15:20:46", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/021331.html", "id": "CESA-2015:1628", "title": "mysql55 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2016-11-09T00:09:38", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS \n\n", "modified": "2016-06-28T00:00:00", "published": "2015-08-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17115.html", "id": "SOL17115", "title": "SOL17115 - Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-03-21T18:28:50", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 530297 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.0 | None | Low | MySQL \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.0 | None | Low | MySQL \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.0 | None | Low | MySQL \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP DNS | 12.0.0 | None | Low | MySQL \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP GTM | 11.0.0 - 11.6.0 \n10.1.0 - 
10.2.4 | None | Low | MySQL \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.0 | None | Low | MySQL \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | MySQL \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | MySQL \nFirePass | None | 7.0.0 \n6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | MySQL \nBIG-IQ ADC | 4.5.0 | None | Low | MySQL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>) \n\n", "modified": "2017-04-06T16:51:00", "published": "2015-08-14T19:38:00", "id": "F5:K17115", "href": "https://support.f5.com/csp/article/K17115", "title": "Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:39", "bulletinFamily": "info", "description": "### *Detect date*:\n04/16/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nUnspecified vulnerabilities were found in Oracle MySQL. By exploiting these vulnerabilities, malicious users can affect availability. 
These vulnerabilities can be exploited remotely via unknown vectors related to InnoDB, Federated, DDL, Partition, SP, XA and Encryption, and via other unknown vectors.\n\n### *Affected products*:\nOracle MySQL Server 5.6 versions earlier than 5.6.24 \nOracle MySQL Server versions earlier than 5.5.43\n\n### *Solution*:\nUpdate to the latest version \n[Get MySQL](<http://www.mysql.com/downloads/>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Oracle MySQL](<https://threats.kaspersky.com/en/product/Oracle-MySQL/>)\n\n### *CVE-IDS*:\n[CVE-2014-3569](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569>)5.0High \n[CVE-2015-0508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0508>)4.0High \n[CVE-2015-0498](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0498>)1.7High \n[CVE-2015-0499](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499>)3.5High \n[CVE-2015-0433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433>)4.0High \n[CVE-2015-0438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0438>)4.0High \n[CVE-2015-0439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0439>)4.0High \n[CVE-2015-0506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0506>)3.5High \n[CVE-2015-0507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0507>)3.5High \n[CVE-2015-0505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505>)3.5High \n[CVE-2015-0503](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0503>)4.0High \n[CVE-2015-0500](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0500>)4.0High \n[CVE-2015-0501](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501>)5.7High \n[CVE-2015-0405](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0405>)4.0High 
\n[CVE-2015-0423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0423>)4.0High \n[CVE-2015-0441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441>)4.0High \n[CVE-2015-2573](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573>)4.0High \n[CVE-2015-2571](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571>)4.0High \n[CVE-2015-2568](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568>)5.0High \n[CVE-2015-2567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2567>)3.5High \n[CVE-2015-2566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2566>)2.8High \n[CVE-2015-0511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0511>)2.8High", "modified": "2019-03-07T00:00:00", "published": "2015-04-16T00:00:00", "id": "KLA10553", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10553", "title": "KLA10553 Denial of service vulnerabilities in Oracle MySQL", "type": "kaspersky", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2019-05-29T18:20:59", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. 
In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 98 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2015-05-20T00:00:00", "published": "2015-04-14T00:00:00", "id": "ORACLE:CPUAPR2015-2365600", "href": "", "title": "Oracle Critical Patch Update - April 2015", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:20:59", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. 
In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 253 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2019-05-16T00:00:00", "published": "2016-10-18T00:00:00", "id": "ORACLE:CPUOCT2016-2881722", "href": "", "title": "Oracle Critical Patch Update - October 2016", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}