5.8 Medium
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.972 High
EPSS
Percentile
99.8%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2012-December/019026.html");
script_oid("1.3.6.1.4.1.25623.1.0.881549");
script_version("2023-07-10T08:07:43+0000");
script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
script_tag(name:"creation_date", value:"2012-12-10 09:48:46 +0530 (Mon, 10 Dec 2012)");
script_cve_id("CVE-2012-5611");
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_xref(name:"CESA", value:"2012:1551");
script_name("CentOS Update for mysql CESA-2012:1551 centos6");
script_tag(name:"summary", value:"The remote host is missing an update for the 'mysql'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");
script_tag(name:"affected", value:"mysql on CentOS 6");
script_tag(name:"solution", value:"Please install the updated packages.");
script_tag(name:"insight", value:"MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.
A stack-based buffer overflow flaw was found in the user permission
checking code in MySQL. An authenticated database user could use this flaw
to crash the mysqld daemon or, potentially, execute arbitrary code with the
privileges of the user running the mysqld daemon. (CVE-2012-5611)
All MySQL users should upgrade to these updated packages, which correct
this issue. After installing this update, the MySQL server daemon (mysqld)
will be restarted automatically.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"mysql", rpm:"mysql~5.1.66~2.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-bench", rpm:"mysql-bench~5.1.66~2.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-devel", rpm:"mysql-devel~5.1.66~2.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-embedded", rpm:"mysql-embedded~5.1.66~2.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-embedded-devel", rpm:"mysql-embedded-devel~5.1.66~2.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-libs", rpm:"mysql-libs~5.1.66~2.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-server", rpm:"mysql-server~5.1.66~2.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-test", rpm:"mysql-test~5.1.66~2.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}