Lucene search
Copyright (C) 2012 Greenbone Networks GmbHOPENVAS:1361412562310850182HistoryDec 13, 2012 - 12:00 a.m.
openSUSE: Security Advisory for mysql (openSUSE-SU-2012:0860-1)
2012-12-1300:00:00
Copyright (C) 2012 Greenbone Networks GmbH
plugins.openvas.org
18
6.7 Medium
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.968 High
EPSS
Percentile
99.7%
The remote host is missing an update for the
# Copyright (C) 2012 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.850182");
script_version("2022-07-05T11:37:00+0000");
script_tag(name:"last_modification", value:"2022-07-05 11:37:00 +0000 (Tue, 05 Jul 2022)");
script_tag(name:"creation_date", value:"2012-12-13 17:01:55 +0530 (Thu, 13 Dec 2012)");
script_cve_id("CVE-2012-2122");
script_tag(name:"cvss_base", value:"5.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_xref(name:"openSUSE-SU", value:"2012:0860-1");
script_name("openSUSE: Security Advisory for mysql (openSUSE-SU-2012:0860-1)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'mysql'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSE11\.4|openSUSE12\.1)");
script_tag(name:"affected", value:"mysql on openSUSE 12.1, openSUSE 11.4");
script_tag(name:"insight", value:"Fixing CVE-2012-2122: authentication bypass due to
incorrect type casting");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSE11.4") {
if(!isnull(res = isrpmvuln(pkg:"libmysqlclusterclient16", rpm:"libmysqlclusterclient16~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclusterclient16-debuginfo", rpm:"libmysqlclusterclient16-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclusterclient_r16", rpm:"libmysqlclusterclient_r16~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclusterclient_r16-debuginfo", rpm:"libmysqlclusterclient_r16-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster", rpm:"mysql-cluster~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-bench", rpm:"mysql-cluster-bench~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-bench-debuginfo", rpm:"mysql-cluster-bench-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-client", rpm:"mysql-cluster-client~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-client-debuginfo", rpm:"mysql-cluster-client-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-debug", rpm:"mysql-cluster-debug~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-debug-debuginfo", rpm:"mysql-cluster-debug-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-debuginfo", rpm:"mysql-cluster-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-debugsource", rpm:"mysql-cluster-debugsource~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-extra", rpm:"mysql-cluster-ndb-extra~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-extra-debuginfo", rpm:"mysql-cluster-ndb-extra-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-management", rpm:"mysql-cluster-ndb-management~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-management-debuginfo", rpm:"mysql-cluster-ndb-management-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-storage", rpm:"mysql-cluster-ndb-storage~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-storage-debuginfo", rpm:"mysql-cluster-ndb-storage-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-tools", rpm:"mysql-cluster-ndb-tools~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-tools-debuginfo", rpm:"mysql-cluster-ndb-tools-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-test", rpm:"mysql-cluster-test~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-test-debuginfo", rpm:"mysql-cluster-test-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-tools", rpm:"mysql-cluster-tools~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-tools-debuginfo", rpm:"mysql-cluster-tools-debuginfo~7.1.22~55.1", rls:"openSUSE11.4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "openSUSE12.1") {
if(!isnull(res = isrpmvuln(pkg:"libmysqlclusterclient16", rpm:"libmysqlclusterclient16~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclusterclient16-debuginfo", rpm:"libmysqlclusterclient16-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclusterclient_r16", rpm:"libmysqlclusterclient_r16~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclusterclient_r16-debuginfo", rpm:"libmysqlclusterclient_r16-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster", rpm:"mysql-cluster~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-bench", rpm:"mysql-cluster-bench~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-bench-debuginfo", rpm:"mysql-cluster-bench-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-client", rpm:"mysql-cluster-client~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-client-debuginfo", rpm:"mysql-cluster-client-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-debug", rpm:"mysql-cluster-debug~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-debug-debuginfo", rpm:"mysql-cluster-debug-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-debuginfo", rpm:"mysql-cluster-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-debugsource", rpm:"mysql-cluster-debugsource~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-extra", rpm:"mysql-cluster-ndb-extra~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-extra-debuginfo", rpm:"mysql-cluster-ndb-extra-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-management", rpm:"mysql-cluster-ndb-management~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-management-debuginfo", rpm:"mysql-cluster-ndb-management-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-storage", rpm:"mysql-cluster-ndb-storage~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-storage-debuginfo", rpm:"mysql-cluster-ndb-storage-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-tools", rpm:"mysql-cluster-ndb-tools~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-ndb-tools-debuginfo", rpm:"mysql-cluster-ndb-tools-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-test", rpm:"mysql-cluster-test~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-test-debuginfo", rpm:"mysql-cluster-test-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-tools", rpm:"mysql-cluster-tools~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-cluster-tools-debuginfo", rpm:"mysql-cluster-tools-debuginfo~7.1.22~2.7.1", rls:"openSUSE12.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
References
Related
canvas
canvas
Immunity Canvas: MYSQL_LOGIN_REMOTE
2012-06-26 18:55:00
securityvulns
securityvulns
[USN-1467-1] MySQL vulnerabilities
2012-06-12 00:00:00
MySQL authentication vulnerability
2012-06-12 00:00:00
ubuntucve
ubuntucve
CVE-2012-2122
2012-06-11 00:00:00
nessus
nessus
openSUSE Security Update : mysql-cluster (openSUSE-SU-2012:0860-1)
2014-06-13 00:00:00
Fedora 16 : mysql-5.5.24-1.fc16 (2012-9324)
2012-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: mysql-5.5.24-1.fc17
2012-06-17 22:24:29
[SECURITY] Fedora 16 Update: mysql-5.5.24-1.fc16
2012-06-26 21:30:56
[SECURITY] Fedora 17 Update: mysql-5.5.28-2.fc17
2012-12-15 18:00:29
packetstorm
packetstorm
Kartoo Search Engine XSS / Remote File Inclusion
2013-11-19 00:00:00
MySQL Remote Root Authentication Bypass
2012-06-12 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2012-06-11 00:00:00
openvas
openvas
Fedora Update for mysql FEDORA-2012-9308
2012-08-30 00:00:00
Fedora Update for mysql FEDORA-2012-9308
2012-08-30 00:00:00
Fedora Update for mysql FEDORA-2012-9324
2012-06-28 00:00:00
checkpoint_advisories
checkpoint_advisories
MySQL and MariaDB Incorrect Cast Policy Bypass - Ver2 (CVE-2012-2122)
2015-03-26 00:00:00
prion
prion
Authentication flaw
2012-06-26 18:55:00
osv
osv
mysql-5.1 - several
2012-06-18 00:00:00
suse
suse
mysql (CVE-2012-2122) (important)
2012-07-11 11:08:34
Security update for MySQL (important)
2012-08-13 19:08:39
seebug
seebug
MariaDB/MySQL 概率性任意密码(身份认证)登录漏洞(CVE-2012-2122)
2012-06-11 00:00:00
f5
f5
K14428 : MySQL vulnerability CVE-2012-2122
2013-09-23 00:00:00
SOL14428 - MySQL vulnerability CVE-2012-2122
2013-05-23 00:00:00
metasploit
metasploit
MySQL Authentication Bypass Password Dump
2012-06-17 11:19:53
amazon
amazon
Important: mysql55
2012-07-05 16:07:00
cve
cve
CVE-2012-2122
2012-06-26 18:55:00
thn
thn
CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability
2012-06-11 07:29:00
threatpost
threatpost
Trivial Password Flaw Leaves MySQL Databases Exposed
2012-06-11 14:03:23
veracode
veracode
Privilege Escalation
2021-08-28 21:30:09
exploitdb
exploitdb
HackBack - A DIY Guide
2016-04-17 00:00:00
nmap
nmap
mysql-vuln-cve2012-2122 NSE Script
2012-06-13 06:12:13
oraclelinux
oraclelinux
mysql security update
2013-01-22 00:00:00
centos
centos
mysql security update
2013-01-22 21:34:28
mysql security update
2012-11-15 03:44:02
redhat
redhat
(RHSA-2013:0180) Important: mysql security update
2013-01-22 00:00:00
(RHSA-2012:1462) Important: mysql security update
2012-11-14 00:00:00
debian
debian
[SECURITY] [DSA 2496-1] mysql-5.1 security update
2012-06-18 20:37:59
kitploit
kitploit
Jok3R - Network And Web Pentest Framework
2019-01-23 12:25:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
6.7 Medium
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.968 High
EPSS
Percentile
99.7%
Related for OPENVAS:1361412562310850182