ID OPENVAS:57167 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update as announced
via advisory SSA:2006-211-01.
# OpenVAS Vulnerability Test
# $Id: esoft_slk_ssa_2006_211_01.nasl 6598 2017-07-07 09:36:44Z cfischer $
# Description: Auto-generated from the corresponding slackware advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Shared library include. No function from it is called by name in the code
# visible here; presumably pkg-lib-slack.inc depends on it (confirm).
include("revisions-lib.inc");
# Insight text, excerpted from the Slackware advisory. It names the fixed
# release but not the flaw. The CVE record reproduced on this page describes
# CVE-2006-3469 as a format string vulnerability (CWE-134) in date_format()
# that lets a remote authenticated user crash the server.
tag_insight = "New mysql packages are available for Slackware 10.2 to fix security
issues (and other bugs). For complete details about the many fixes
addressed by this release, you can find MySQL's news article about
the MySQL 4.1.21 Community Edition release here:
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html";
# One-line summary attached to the finding.
tag_summary = "The remote host is missing an update as announced
via advisory SSA:2006-211-01.";
# NOTE(review): this is an advisory lookup URL, not remediation text. The
# Slackware advisory reproduced on this page gives the fix as upgrading to
# mysql-4.1.21-i486-1_slack10.2.tgz with upgradepkg and then restarting mysqld.
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-211-01";
# Description mode: register this plugin's metadata, then exit before any
# check code runs. The solution/insight/summary tags take their values from
# the tag_* variables assigned earlier in the file.
if(description)
{
  script_id(57167);
  script_tag(name:"creation_date", value:"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $");

  # CVSS v2 base 4.0: network vector, low complexity, single authentication,
  # partial availability impact only (no confidentiality or integrity impact).
  script_cve_id("CVE-2006-3469");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_version("$Revision: 6598 $");

  # The title is passed directly; its trailing space is kept as in the original.
  script_name("Slackware Advisory SSA:2006-211-01 mysql ");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
  script_family("Slackware Local Security Checks");

  # Depends on gather-package-list.nasl and requires both knowledge-base keys
  # below. Presumably they are set only after a successful SSH login to a
  # Slackware host, so an unauthenticated scan yields no result (confirm).
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack");

  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"summary", value:tag_summary);

  # Detection is based on the installed package version (qod_type "package"),
  # not on probing the running MySQL service.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
#
# The script code starts here
#
# isslkpkgvuln() and __pkg_match are provided by this include (not shown here).
include("pkg-lib-slack.inc");

# Check the installed mysql package on Slackware 10.2 against the fixed build
# 4.1.21-i486-1_slack10.2. The comparison itself happens inside isslkpkgvuln();
# presumably it is true when the installed package is older (confirm).
if(isslkpkgvuln(pkg:"mysql", ver:"4.1.21-i486-1_slack10.2", rls:"SLK10.2")) {
  # NOTE(review): the lone argument 0 looks like a port number and no report
  # text is passed, so the finding would carry only the registered tags (confirm).
  security_message(0);
} else if(__pkg_match) {
  # The package was matched but is not flagged as vulnerable.
  exit(99); # Not vulnerable.
}
# If neither branch applies, the script ends without reporting a result.
{"id": "OPENVAS:57167", "type": "openvas", "bulletinFamily": "scanner", "title": "Slackware Advisory SSA:2006-211-01 mysql", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-211-01.", "published": "2012-09-11T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57167", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2006-3469"], "lastseen": "2017-07-24T12:50:35", "viewCount": 1, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2017-07-24T12:50:35", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-3469"]}, {"type": "gentoo", "idList": ["GLSA-200608-09"]}, {"type": "freebsd", "idList": ["FCB90EB0-2ACE-11DB-A6E2-000E0C2E438A"]}, {"type": "openvas", "idList": ["OPENVAS:57109", "OPENVAS:57257", "OPENVAS:57859", "OPENVAS:136141256231057167", "OPENVAS:1361412562310870033", "OPENVAS:870033"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200608-09.NASL", "MACOSX_10_4_9.NASL", "FREEBSD_PKG_FCB90EB02ACE11DBA6E2000E0C2E438A.NASL", "SL_20080724_MYSQL_ON_SL4_X.NASL", "REDHAT-RHSA-2008-0768.NASL", "DEBIAN_DSA-1112.NASL", "MYSQL_4_1_21.NASL", "UBUNTU_USN-321-1.NASL", "SLACKWARE_SSA_2006-211-01.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:27416"]}, {"type": "exploitdb", "idList": ["EDB-ID:28234"]}, {"type": "ubuntu", "idList": ["USN-321-1"]}, {"type": "slackware", "idList": ["SSA-2006-211-01"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1112-1:85EF3"]}, {"type": "redhat", "idList": ["RHSA-2008:0768"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0768"]}], "modified": "2017-07-24T12:50:35", "rev": 2}, "vulnersScore": 7.0}, "pluginID": "57167", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_211_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: 
Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). 
For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about\nthe MySQL 4.1.21 Community Edition release here:\n\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-211-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-211-01\";\n \nif(description)\n{\n script_id(57167);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-3469\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-211-01 mysql \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.21-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Slackware Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:27:22", "description": "Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.", "edition": 5, "cvss3": {}, "published": "2006-07-21T14:03:00", "title": "CVE-2006-3469", "type": "cve", "cwe": ["CWE-134"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3469"], "modified": "2019-12-17T20:16:00", "cpe": ["cpe:/a:oracle:mysql:5.0.12", "cpe:/a:oracle:mysql:5.0.19", "cpe:/a:mysql:mysql:4.1.8", "cpe:/a:mysql:mysql:4.1.14", "cpe:/a:oracle:mysql:4.1.16", "cpe:/a:oracle:mysql:4.1.7", "cpe:/a:oracle:mysql:4.1.20", "cpe:/a:oracle:mysql:5.0.13", "cpe:/a:mysql:mysql:4.1.12", "cpe:/a:mysql:mysql:5.0.16", "cpe:/a:mysql:mysql:4.1.13", "cpe:/a:oracle:mysql:4.1.6", "cpe:/a:oracle:mysql:4.1.19", "cpe:/a:oracle:mysql:5.0.11", "cpe:/a:oracle:mysql:5.0.9", "cpe:/a:mysql:mysql:5.0.5.0.21", "cpe:/a:mysql:mysql:4.1.15", "cpe:/a:mysql:mysql:5.0.15", "cpe:/a:oracle:mysql:5.0.6", "cpe:/a:oracle:mysql:4.1.11", "cpe:/a:oracle:mysql:4.1.18", "cpe:/a:oracle:mysql:4.1.9", "cpe:/a:mysql:mysql:5.0.10", "cpe:/a:oracle:mysql:5.0.18", "cpe:/a:mysql:mysql:5.0.17"], "id": "CVE-2006-3469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3469", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, 
"cpe23": ["cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-08T23:38:09", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3469"], "description": "Jean-David Maillefer discovered a format string bug in the \ndate_format() function's error reporting. 
By calling the function with \ninvalid arguments, an authenticated user could exploit this to crash \nthe server.", "edition": 6, "modified": "2006-07-21T00:00:00", "published": "2006-07-21T00:00:00", "id": "USN-321-1", "href": "https://ubuntu.com/security/notices/USN-321-1", "title": "mysql-dfsg-4.1 vulnerability", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3469"], "description": "New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about\nthe MySQL 4.1.21 Community Edition release here:\n\n http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/mysql-4.1.21-i486-1_slack10.2.tgz:\n Upgraded to mysql-4.1.21.\n This is a bugfix and security release.\n For more details, see MySQL's news page about MySQL 4.1.21:\n http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\n The CVE entry may be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469\n Thanks to Nino Petkov for pointing out this MySQL release to me. :-)\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.21-i486-1_slack10.2.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\n36f6f7f158bf00953e5a0bd29737bc7c mysql-4.1.21-i486-1_slack10.2.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mysql-4.1.21-i486-1_slack10.2.tgz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "modified": "2006-07-31T03:23:42", "published": "2006-07-31T03:23:42", "id": "SSA-2006-211-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.387994", "type": "slackware", "title": "[slackware-security] mysql", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-3469"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.mysql.com/\nVendor Specific News/Changelog Entry: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694\nVendor Specific News/Changelog Entry: http://bugs.mysql.com/bug.php?id=20729\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-1112)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-321-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200608-09.xml)\n[Secunia Advisory ID:21147](https://secuniaresearch.flexerasoftware.com/advisories/21147/)\n[Secunia Advisory ID:21366](https://secuniaresearch.flexerasoftware.com/advisories/21366/)\n[CVE-2006-3469](https://vulners.com/cve/CVE-2006-3469)\nBugtraq ID: 19032\n", "modified": "2006-06-27T11:34:09", "published": "2006-06-27T11:34:09", "href": 
"https://vulners.com/osvdb/OSVDB:27416", "id": "OSVDB:27416", "title": "MySQL Server time.cc date_format Function Format String", "type": "osvdb", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3469"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:57257", "href": "http://plugins.openvas.org/nasl.php?oid=57257", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "sourceData": "#\n#VID fcb90eb0-2ace-11db-a6e2-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\n\nCVE-2006-3469\n** RESERVED **\nThis candidate has been reserved by an organization or individual that\nwill use it when announcing a new security problem. When the\ncandidate has been publicized, the details for this candidate will be\nprovided.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.mysql.com/bug.php?id=20729\nhttp://www.vuxml.org/freebsd/fcb90eb0-2ace-11db-a6e2-000e0c2e438a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57257);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-3469\");\n script_bugtraq_id(19032);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1\")>=0 && revcomp(a:bver, b:\"5.1.6\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0\")>=0 && revcomp(a:bver, b:\"5.0.19\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1\")>=0 && revcomp(a:bver, b:\"4.1.18\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3469"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-211-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231057167", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057167", "type": "openvas", "title": "Slackware Advisory SSA:2006-211-01 mysql", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: 
esoft_slk_ssa_2006_211_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57167\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-3469\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-211-01 mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK10\\.2\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-211-01\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\");\n\n script_tag(name:\"insight\", value:\"New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about\nthe MySQL 4.1.21 Community Edition release in the references.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-211-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.21-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:49:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3469"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200608-09.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57859", "href": "http://plugins.openvas.org/nasl.php?oid=57859", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200608-09 (mysql)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated 
from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An authenticated user can crash MySQL through invalid parameters to the\ndate_format function.\";\ntag_solution = \"All MySQL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --verbose --oneshot '>=dev-db/mysql-4.1.21'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=142429\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200608-09.\";\n\n \n\nif(description)\n{\n script_id(57859);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-3469\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200608-09 (mysql)\");\n\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/mysql\", unaffected: make_list(\"ge 4.1.21\", \"lt 4.1.0\"), vulnerable: make_list(\"lt 4.1.21\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3081", "CVE-2006-3469"], "description": "The remote host is missing an update to mysql-dfsg-4.1\nannounced via advisory DSA 1112-1.\n\nSeveral local vulnerabilities have been discovered in the MySQL database\nserver, which may lead to denial of service. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-3081\n\nKanatoko discovered that the server can be crashed with feeding\nNULL values to the str_to_date() function.\n\nCVE-2006-3469\n\nJean-David Maillefer discovered that the server can be crashed with\nspecially crafted date_format() function calls.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57109", "href": "http://plugins.openvas.org/nasl.php?oid=57109", "type": "openvas", "title": "Debian Security Advisory DSA 1112-1 (mysql-dfsg-4.1)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1112_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1112-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 4.1.11a-4sarge5.\n\nThe unstable distribution (sid) no longer contains MySQL 4.1\npackages. 
MySQL 5.0 from sid is not affected.\n\nWe recommend that you upgrade your mysql-dfsg-4.1 packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201112-1\";\ntag_summary = \"The remote host is missing an update to mysql-dfsg-4.1\nannounced via advisory DSA 1112-1.\n\nSeveral local vulnerabilities have been discovered in the MySQL database\nserver, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-3081\n\nKanatoko discovered that the server can be crashed with feeding\nNULL values to the str_to_date() function.\n\nCVE-2006-3469\n\nJean-David Maillefer discovered that the server can be crashed with\nspecially crafted date_format() function calls.\";\n\n\nif(description)\n{\n script_id(57109);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3081\", \"CVE-2006-3469\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1112-1 (mysql-dfsg-4.1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common-4.1\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient14\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient14-dev\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-4.1\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-4.1\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079", "CVE-2006-3469"], "description": "Check for the Version of mysql", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870033", "href": "http://plugins.openvas.org/nasl.php?oid=870033", "type": "openvas", "title": "RedHat Update for mysql RHSA-2008:0768-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mysql RHSA-2008:0768-01\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld), and\n many different client programs and libraries.\n\n MySQL did not correctly check directories used as arguments for the DATA\n DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\n attacker could elevate their access privileges to tables created by other\n database users. Note: this attack does not work on existing tables. An\n attacker can only elevate their access to another user's tables as the\n tables are created. As well, the names of these created tables need to be\n predicted correctly for this attack to succeed. 
(CVE-2008-2079)\n \n MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.\n An authenticated user could use this flaw to rename arbitrary tables.\n (CVE-2007-2691)\n \n MySQL allowed an authenticated user to access a table through a previously\n created MERGE table, even after the user's privileges were revoked from the\n original table, which might violate intended security policy. This is\n addressed by allowing the MERGE storage engine to be disabled, which can be\n done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)\n \n A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to\n crash via crafted SQL queries. This only caused a temporary denial of\n service, as the MySQL daemon is automatically restarted after the crash.\n (CVE-2006-3469)\n \n As well, these updated packages fix the following bugs:\n \n * in the previous mysql packages, if a column name was referenced more\n than once in an "ORDER BY" section of a query, a segmentation fault\n occurred.\n \n * when MySQL failed to start, the init script returned a successful (0)\n exit code. When using the Red Hat Cluster Suite, this may have caused\n cluster services to report a successful start, even when MySQL failed to\n start. In these updated packages, the init script returns the correct exit\n codes, which resolves this issue.\n \n * it was possible to use the mysqld_safe command to specify invalid port\n numbers (higher than 65536), causing invalid ports to be created, and, in\n some cases, a "port number definition: unsigned short" error. In these\n updated packages, when an invalid port number is specified, the default\n port number is used.\n \n * when setting "myisam_repair_threads > 1", any repair set the index\n cardi ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"mysql on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00034.html\");\n script_id(870033);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0768-01\");\n script_cve_id(\"CVE-2006-3469\", \"CVE-2006-4031\", \"CVE-2007-2691\", \"CVE-2008-2079\");\n script_name( \"RedHat Update for mysql RHSA-2008:0768-01\");\n\n script_summary(\"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-debuginfo\", rpm:\"mysql-debuginfo~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-server\", rpm:\"mysql-server~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079", "CVE-2006-3469"], "description": "Check for the Version of mysql", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870033", "type": "openvas", "title": "RedHat Update for mysql RHSA-2008:0768-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mysql RHSA-2008:0768-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld), and\n many different client programs and libraries.\n\n MySQL did not correctly check directories used as arguments for the DATA\n DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\n attacker could elevate their access privileges to tables created by other\n database users. Note: this attack does not work on existing tables. An\n attacker can only elevate their access to another user's tables as the\n tables are created. As well, the names of these created tables need to be\n predicted correctly for this attack to succeed. (CVE-2008-2079)\n \n MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.\n An authenticated user could use this flaw to rename arbitrary tables.\n (CVE-2007-2691)\n \n MySQL allowed an authenticated user to access a table through a previously\n created MERGE table, even after the user's privileges were revoked from the\n original table, which might violate intended security policy. This is\n addressed by allowing the MERGE storage engine to be disabled, which can be\n done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)\n \n A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to\n crash via crafted SQL queries. 
This only caused a temporary denial of\n service, as the MySQL daemon is automatically restarted after the crash.\n (CVE-2006-3469)\n \n As well, these updated packages fix the following bugs:\n \n * in the previous mysql packages, if a column name was referenced more\n than once in an "ORDER BY" section of a query, a segmentation fault\n occurred.\n \n * when MySQL failed to start, the init script returned a successful (0)\n exit code. When using the Red Hat Cluster Suite, this may have caused\n cluster services to report a successful start, even when MySQL failed to\n start. In these updated packages, the init script returns the correct exit\n codes, which resolves this issue.\n \n * it was possible to use the mysqld_safe command to specify invalid port\n numbers (higher than 65536), causing invalid ports to be created, and, in\n some cases, a "port number definition: unsigned short" error. In these\n updated packages, when an invalid port number is specified, the default\n port number is used.\n \n * when setting "myisam_repair_threads > 1", any repair set the index\n cardi ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"mysql on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00034.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870033\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0768-01\");\n script_cve_id(\"CVE-2006-3469\", \"CVE-2006-4031\", \"CVE-2007-2691\", \"CVE-2008-2079\");\n script_name( \"RedHat Update for mysql RHSA-2008:0768-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-debuginfo\", rpm:\"mysql-debuginfo~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-server\", rpm:\"mysql-server~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:42", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3469"], "description": "\nJean-David Maillefer reports a Denial of Service vulnerability\n\t within MySQL. The vulnerability is caused by improper checking\n\t of the date_format routine, which causes the MySQL server to\n\t crash. The crash is triggered by the following code:\n\"SELECT date_format('%d%s', 1);\n", "edition": 4, "modified": "2006-06-27T00:00:00", "published": "2006-06-27T00:00:00", "id": "FCB90EB0-2ACE-11DB-A6E2-000E0C2E438A", "href": "https://vuxml.freebsd.org/freebsd/fcb90eb0-2ace-11db-a6e2-000e0c2e438a.html", "title": "mysql -- format string vulnerability", "type": "freebsd", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T07:42:48", "description": "MySQL 4.x/5.x Server Date_Format Denial Of Service Vulnerability. CVE-2006-3469. 
DoS exploit for Linux platform", "published": "2006-07-18T00:00:00", "type": "exploitdb", "title": "MySQL 4.x/5.x Server Date_Format Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-3469"], "modified": "2006-07-18T00:00:00", "id": "EDB-ID:28234", "href": "https://www.exploit-db.com/exploits/28234/", "sourceData": "source: http://www.securityfocus.com/bid/19032/info\r\n\r\nMySQL is prone to a remote denial-of-service vulnerability because the database server fails to properly handle unexpected input.\r\n\r\nThis issue allows remote attackers to crash affected database servers, denying service to legitimate users. Attackers must be able to execute arbitrary SQL statements on affected servers, which requires valid credentials to connect to affected servers.\r\n\r\nAttackers may exploit this issue in conjunction with latent SQL-injection vulnerabilities in other applications.\r\n\r\nVersions prior to MySQL 4.1.18, 5.0.19, and 5.1.6 are vulnerable.\r\n\r\nThe following SQL statement will demonstrate this issue:\r\n\r\nselect date_format('%d%s', 1);", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28234/"}], "nessus": [{"lastseen": "2021-01-07T10:51:36", "description": "Jean-David Maillefer reports a Denial of Service vulnerability within\nMySQL. The vulnerability is caused by improper checking of the\ndate_format routine, which causes the MySQL server to crash. 
The crash\nis triggered by the following code:'SELECT date_format('%d%s', 1);", "edition": 26, "published": "2006-08-14T00:00:00", "title": "FreeBSD : mysql -- format string vulnerability (fcb90eb0-2ace-11db-a6e2-000e0c2e438a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3469"], "modified": "2006-08-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FCB90EB02ACE11DBA6E2000E0C2E438A.NASL", "href": "https://www.tenable.com/plugins/nessus/22213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22213);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_bugtraq_id(19032);\n\n script_name(english:\"FreeBSD : mysql -- format string vulnerability (fcb90eb0-2ace-11db-a6e2-000e0c2e438a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jean-David Maillefer reports a Denial of Service vulnerability within\nMySQL. The vulnerability is caused by improper checking of the\ndata_format routine, which cause the MySQL server to crash. 
The crash\nis triggered by the following code:'SELECT date_format('%d%s', 1);\"\n );\n # http://bugs.mysql.com/bug.php?id=20729\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=20729\"\n );\n # https://vuxml.freebsd.org/freebsd/fcb90eb0-2ace-11db-a6e2-000e0c2e438a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad18f6ce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=5.1<5.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=5.0<5.0.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=4.1<4.1.18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:52:07", "description": "The remote host is affected by the vulnerability described in GLSA-200608-09\n(MySQL: Denial of Service)\n\n Jean-David Maillefer discovered a format string vulnerability in\n time.cc where MySQL fails to properly handle specially formatted user\n input to the date_format function.\n \nImpact :\n\n By specifying a format string as the first parameter to the date_format\n function, an authenticated attacker could cause MySQL to crash,\n resulting in a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-08-07T00:00:00", "title": "GLSA-200608-09 : MySQL: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3469"], "modified": "2006-08-07T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mysql"], "id": "GENTOO_GLSA-200608-09.NASL", "href": 
"https://www.tenable.com/plugins/nessus/22167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200608-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22167);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_xref(name:\"GLSA\", value:\"200608-09\");\n\n script_name(english:\"GLSA-200608-09 : MySQL: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200608-09\n(MySQL: Denial of Service)\n\n Jean-David Maillefer discovered a format string vulnerability in\n time.cc where MySQL fails to properly handle specially formatted user\n input to the date_format function.\n \nImpact :\n\n By specifying a format string as the first parameter to the date_format\n function, an authenticated attacker could cause MySQL to crash,\n resulting in a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200608-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --verbose --oneshot '>=dev-db/mysql-4.1.21'\"\n 
);\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/07\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 4.1.21\", \"lt 4.1.0\"), vulnerable:make_list(\"lt 4.1.21\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:10:17", "description": "New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). 
For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about the\nMySQL 4.1.21 Community Edition release here:\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html", "edition": 25, "published": "2007-02-18T00:00:00", "title": "Slackware 10.2 : mysql (SSA:2006-211-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3469"], "modified": "2007-02-18T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:10.2", "p-cpe:/a:slackware:slackware_linux:mysql"], "id": "SLACKWARE_SSA_2006-211-01.NASL", "href": "https://www.tenable.com/plugins/nessus/24656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-211-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24656);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_xref(name:\"SSA\", value:\"2006-211-01\");\n\n script_name(english:\"Slackware 10.2 : mysql (SSA:2006-211-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). 
For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about the\nMySQL 4.1.21 Community Edition release here:\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.387994\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?200bc6d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"mysql\", pkgver:\"4.1.21\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T15:30:42", "description": "Jean-David Maillefer discovered a format string bug in the\ndate_format() function's error reporting. By calling the function with\ninvalid arguments, an authenticated user could exploit this to crash\nthe server.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 : mysql-dfsg-4.1 vulnerability (USN-321-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3469"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-client-4.1", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14-dev", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1", "p-cpe:/a:canonical:ubuntu_linux:mysql-common-4.1", "cpe:/o:canonical:ubuntu_linux:5.10"], "id": "UBUNTU_USN-321-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27899", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-321-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27899);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_xref(name:\"USN\", value:\"321-1\");\n\n script_name(english:\"Ubuntu 5.10 : mysql-dfsg-4.1 vulnerability (USN-321-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jean-David Maillefer discovered a format string bug in the\ndate_format() function's error reporting. 
By calling the function with\ninvalid arguments, an authenticated user could exploit this to crash\nthe server.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-common-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient14\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient14-dev\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-client-4.1\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-common-4.1\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-server-4.1\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient14 / libmysqlclient14-dev / mysql-client-4.1 / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-03-01T04:14:36", "description": "The version of MySQL installed on the remote host is earlier than\n4.1.21 / 5.0 and reportedly allows a remote, authenticated user to\ncrash the server via a format string attack.", "edition": 26, "published": "2012-01-16T00:00:00", "title": "MySQL < 4.1.21 / 5.0 Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3469"], "modified": 
"2021-03-02T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_4_1_21.NASL", "href": "https://www.tenable.com/plugins/nessus/17800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17800);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/16 14:09:12\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_bugtraq_id(19032);\n\n script_name(english:\"MySQL < 4.1.21 / 5.0 Denial of Service\");\n script_summary(english:\"Checks version of MySQL Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is earlier than\n4.1.21 / 5.0 and reportedly allows a remote, authenticated user to\ncrash the server via a format string attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.mysql.com/bug.php?id=20729\");\n # 4.1 has reached its end of life\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL version 5.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:make_list('4.1.21', '5.0'), severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:44:39", "description": "Several local vulnerabilities have been discovered in the MySQL\ndatabase server, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2006-3081\n 'Kanatoko' discovered that the server can be crashed\n with feeding NULL values to the str_to_date() function.\n\n - CVE-2006-3469\n Jean-David Maillefer discovered that the server can be\n crashed with specially crafted date_format() function\n calls.", "edition": 26, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1112-1 : mysql-dfsg-4.1 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3081", "CVE-2006-3469"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1112.NASL", "href": "https://www.tenable.com/plugins/nessus/22654", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1112. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22654);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3081\", \"CVE-2006-3469\");\n script_xref(name:\"DSA\", value:\"1112\");\n\n script_name(english:\"Debian DSA-1112-1 : mysql-dfsg-4.1 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in the MySQL\ndatabase server, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2006-3081\n 'Kanatoko' discovered that the server can be crashed\n with feeding NULL values to the str_to_date() function.\n\n - CVE-2006-3469\n Jean-David Maillefer discovered that the server can be\n crashed with specially crafted date_format() function\n calls.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1112\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-dfsg-4.1 packages.\n\nFor the stable distribution (sarge) 
these problems have been fixed in\nversion 4.1.11a-4sarge5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient14\", reference:\"4.1.11a-4sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient14-dev\", reference:\"4.1.11a-4sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-client-4.1\", reference:\"4.1.11a-4sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-common-4.1\", reference:\"4.1.11a-4sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-server-4.1\", reference:\"4.1.11a-4sarge5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:43:59", "description": "MySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: this attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nMySQL did not require the 'DROP' privilege for 'RENAME TABLE'\nstatements. An authenticated user could use this flaw to rename\narbitrary tables. (CVE-2007-2691)\n\nMySQL allowed an authenticated user to access a table through a\npreviously created MERGE table, even after the user's privileges were\nrevoked from the original table, which might violate intended security\npolicy. This is addressed by allowing the MERGE storage engine to be\ndisabled, which can be done by running mysqld with the '--skip-merge'\noption. (CVE-2006-4031)\n\nA flaw in MySQL allowed an authenticated user to cause the MySQL\ndaemon to crash via crafted SQL queries. This only caused a temporary\ndenial of service, as the MySQL daemon is automatically restarted\nafter the crash. (CVE-2006-3469)\n\nAs well, these updated packages fix the following bugs :\n\n - in the previous mysql packages, if a column name was\n referenced more than once in an 'ORDER BY' section of a\n query, a segmentation fault occurred.\n\n - when MySQL failed to start, the init script returned a\n successful (0) exit code. When using the Red Hat Cluster\n Suite, this may have caused cluster services to report a\n successful start, even when MySQL failed to start. 
In\n these updated packages, the init script returns the\n correct exit codes, which resolves this issue.\n\n - it was possible to use the mysqld_safe command to\n specify invalid port numbers (higher than 65536),\n causing invalid ports to be created, and, in some cases,\n a 'port number definition: unsigned short' error. In\n these updated packages, when an invalid port number is\n specified, the default port number is used.\n\n - when setting 'myisam_repair_threads > 1', any repair set\n the index cardinality to '1', regardless of the table\n size.\n\n - the MySQL init script no longer runs 'chmod -R' on the\n entire database directory tree during every startup.\n\n - when running 'mysqldump' with the MySQL 4.0\n compatibility mode option, '--compatible=mysql40',\n mysqldump created dumps that omitted the\n 'auto_increment' field.\n\nAs well, the MySQL init script now uses more reliable methods for\ndetermining parameters, such as the data directory location.\n\nNote: these updated packages upgrade MySQL to version 4.1.22. 
For a\nfull list of bug fixes and enhancements, refer to the MySQL release\nnotes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : mysql on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079", "CVE-2006-3469"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080724_MYSQL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60451);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3469\", \"CVE-2006-4031\", \"CVE-2007-2691\", \"CVE-2008-2079\");\n\n script_name(english:\"Scientific Linux Security Update : mysql on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: this attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nMySQL did not require the 'DROP' privilege for 'RENAME TABLE'\nstatements. 
An authenticated user could use this flaw to rename\narbitrary tables. (CVE-2007-2691)\n\nMySQL allowed an authenticated user to access a table through a\npreviously created MERGE table, even after the user's privileges were\nrevoked from the original table, which might violate intended security\npolicy. This is addressed by allowing the MERGE storage engine to be\ndisabled, which can be done by running mysqld with the '--skip-merge'\noption. (CVE-2006-4031)\n\nA flaw in MySQL allowed an authenticated user to cause the MySQL\ndaemon to crash via crafted SQL queries. This only caused a temporary\ndenial of service, as the MySQL daemon is automatically restarted\nafter the crash. (CVE-2006-3469)\n\nAs well, these updated packages fix the following bugs :\n\n - in the previous mysql packages, if a column name was\n referenced more than once in an 'ORDER BY' section of a\n query, a segmentation fault occurred.\n\n - when MySQL failed to start, the init script returned a\n successful (0) exit code. When using the Red Hat Cluster\n Suite, this may have caused cluster services to report a\n successful start, even when MySQL failed to start. In\n these updated packages, the init script returns the\n correct exit codes, which resolves this issue.\n\n - it was possible to use the mysqld_safe command to\n specify invalid port numbers (higher than 65536),\n causing invalid ports to be created, and, in some cases,\n a 'port number definition: unsigned short' error. 
In\n these updated packages, when an invalid port number is\n specified, the default port number is used.\n\n - when setting 'myisam_repair_threads > 1', any repair set\n the index cardinality to '1', regardless of the table\n size.\n\n - the MySQL init script no longer runs 'chmod -R' on the\n entire database directory tree during every startup.\n\n - when running 'mysqldump' with the MySQL 4.0\n compatibility mode option, '--compatible=mysql40',\n mysqldump created dumps that omitted the\n 'auto_increment' field.\n\nAs well, the MySQL init script now uses more reliable methods for\ndetermining parameters, such as the data directory location.\n\nNote: these updated packages upgrade MySQL to version 4.1.22. For a\nfull list of bug fixes and enhancements, refer to the MySQL release\nnotes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&P=2861\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3990d347\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"mysql-4.1.22-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mysql-bench-4.1.22-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mysql-devel-4.1.22-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mysql-server-4.1.22-2.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T13:06:15", "description": "Updated mysql packages that fix various security issues, several bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. 
MySQL is a\nclient/server implementation consisting of a server daemon (mysqld),\nand many different client programs and libraries.\n\nMySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: this attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nMySQL did not require the 'DROP' privilege for 'RENAME TABLE'\nstatements. An authenticated user could use this flaw to rename\narbitrary tables. (CVE-2007-2691)\n\nMySQL allowed an authenticated user to access a table through a\npreviously created MERGE table, even after the user's privileges were\nrevoked from the original table, which might violate intended security\npolicy. This is addressed by allowing the MERGE storage engine to be\ndisabled, which can be done by running mysqld with the '--skip-merge'\noption. (CVE-2006-4031)\n\nA flaw in MySQL allowed an authenticated user to cause the MySQL\ndaemon to crash via crafted SQL queries. This only caused a temporary\ndenial of service, as the MySQL daemon is automatically restarted\nafter the crash. (CVE-2006-3469)\n\nAs well, these updated packages fix the following bugs :\n\n* in the previous mysql packages, if a column name was referenced more\nthan once in an 'ORDER BY' section of a query, a segmentation fault\noccurred.\n\n* when MySQL failed to start, the init script returned a successful\n(0) exit code. When using the Red Hat Cluster Suite, this may have\ncaused cluster services to report a successful start, even when MySQL\nfailed to start. 
In these updated packages, the init script returns\nthe correct exit codes, which resolves this issue.\n\n* it was possible to use the mysqld_safe command to specify invalid\nport numbers (higher than 65536), causing invalid ports to be created,\nand, in some cases, a 'port number definition: unsigned short' error.\nIn these updated packages, when an invalid port number is specified,\nthe default port number is used.\n\n* when setting 'myisam_repair_threads > 1', any repair set the index\ncardinality to '1', regardless of the table size.\n\n* the MySQL init script no longer runs 'chmod -R' on the entire\ndatabase directory tree during every startup.\n\n* when running 'mysqldump' with the MySQL 4.0 compatibility mode\noption, '--compatible=mysql40', mysqldump created dumps that omitted\nthe 'auto_increment' field.\n\nAs well, the MySQL init script now uses more reliable methods for\ndetermining parameters, such as the data directory location.\n\nNote: these updated packages upgrade MySQL to version 4.1.22. 
For a\nfull list of bug fixes and enhancements, refer to the MySQL release\nnotes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\n\nAll mysql users are advised to upgrade to these updated packages,\nwhich resolve these issues and add this enhancement.", "edition": 28, "published": "2008-07-25T00:00:00", "title": "RHEL 4 : mysql (RHSA-2008:0768)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079", "CVE-2006-3469"], "modified": "2008-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:mysql-bench", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "REDHAT-RHSA-2008-0768.NASL", "href": "https://www.tenable.com/plugins/nessus/33585", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0768. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33585);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3469\", \"CVE-2006-4031\", \"CVE-2007-2691\", \"CVE-2008-2079\");\n script_bugtraq_id(19279, 24016, 29106);\n script_xref(name:\"RHSA\", value:\"2008:0768\");\n\n script_name(english:\"RHEL 4 : mysql (RHSA-2008:0768)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix various security issues, several bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld),\nand many different client programs and libraries.\n\nMySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: this attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nMySQL did not require the 'DROP' privilege for 'RENAME TABLE'\nstatements. An authenticated user could use this flaw to rename\narbitrary tables. 
(CVE-2007-2691)\n\nMySQL allowed an authenticated user to access a table through a\npreviously created MERGE table, even after the user's privileges were\nrevoked from the original table, which might violate intended security\npolicy. This is addressed by allowing the MERGE storage engine to be\ndisabled, which can be done by running mysqld with the '--skip-merge'\noption. (CVE-2006-4031)\n\nA flaw in MySQL allowed an authenticated user to cause the MySQL\ndaemon to crash via crafted SQL queries. This only caused a temporary\ndenial of service, as the MySQL daemon is automatically restarted\nafter the crash. (CVE-2006-3469)\n\nAs well, these updated packages fix the following bugs :\n\n* in the previous mysql packages, if a column name was referenced more\nthan once in an 'ORDER BY' section of a query, a segmentation fault\noccurred.\n\n* when MySQL failed to start, the init script returned a successful\n(0) exit code. When using the Red Hat Cluster Suite, this may have\ncaused cluster services to report a successful start, even when MySQL\nfailed to start. 
In these updated packages, the init script returns\nthe correct exit codes, which resolves this issue.\n\n* it was possible to use the mysqld_safe command to specify invalid\nport numbers (higher than 65536), causing invalid ports to be created,\nand, in some cases, a 'port number definition: unsigned short' error.\nIn these updated packages, when an invalid port number is specified,\nthe default port number is used.\n\n* when setting 'myisam_repair_threads > 1', any repair set the index\ncardinality to '1', regardless of the table size.\n\n* the MySQL init script no longer runs 'chmod -R' on the entire\ndatabase directory tree during every startup.\n\n* when running 'mysqldump' with the MySQL 4.0 compatibility mode\noption, '--compatible=mysql40', mysqldump created dumps that omitted\nthe 'auto_increment' field.\n\nAs well, the MySQL init script now uses more reliable methods for\ndetermining parameters, such as the data directory location.\n\nNote: these updated packages upgrade MySQL to version 4.1.22. 
For a\nfull list of bug fixes and enhancements, refer to the MySQL release\nnotes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\n\nAll mysql users are advised to upgrade to these updated packages,\nwhich resolve these issues and add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0768\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0768\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-4.1.22-2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-bench-4.1.22-2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-devel-4.1.22-2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-server-4.1.22-2.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-03-01T03:40:24", "description": "The remote host is running a version of Mac OS X 10.4 which is older than\nversion 10.4.9 or a version of Mac OS X 10.3 which does not have \nSecurity Update 2007-003 applied.\n\nThis update contains several security fixes for the following programs :\n\n - ColorSync\n - CoreGraphics\n - 
Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n - Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n - SMB File Server\n - Software Update\n - sudo \n - WebLog", "edition": 26, "published": "2007-03-13T00:00:00", "title": "Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0733", "CVE-2006-4829", "CVE-2007-0730", "CVE-2006-5052", "CVE-2007-0724", "CVE-2007-0463", "CVE-2006-6097", "CVE-2007-0299", "CVE-2006-5051", "CVE-2006-1517", "CVE-2006-3081", "CVE-2007-0726", "CVE-2006-4031", "CVE-2007-0723", "CVE-2006-6173", "CVE-2005-2959", "CVE-2007-0719", "CVE-2007-0267", "CVE-2007-0731", "CVE-2007-1071", "CVE-2006-0225", "CVE-2006-6062", "CVE-2007-0318", "CVE-2007-0467", "CVE-2007-0236", "CVE-2006-5679", "CVE-2006-5330", "CVE-2007-0720", "CVE-2006-6129", "CVE-2006-4226", "CVE-2006-6130", "CVE-2006-5836", "CVE-2006-3469", "CVE-2007-0588", "CVE-2006-2753", "CVE-2007-0728", "CVE-2006-6061", "CVE-2007-0229", "CVE-2007-0722", "CVE-2006-0300", "CVE-2007-0721", "CVE-2006-4924", "CVE-2006-1516"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_4_9.NASL", "href": "https://www.tenable.com/plugins/nessus/24811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\nif ( NASL_LEVEL < 3004 ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(24811);\n script_version (\"1.29\");\n\n script_cve_id(\"CVE-2007-0719\", \"CVE-2007-0467\", \"CVE-2007-0720\", \n \"CVE-2007-0721\", \"CVE-2007-0722\", \"CVE-2006-6061\", \n \"CVE-2006-6062\", \"CVE-2006-5679\", \"CVE-2007-0229\", \n \"CVE-2007-0267\", \"CVE-2007-0299\", \"CVE-2007-0723\", \n \"CVE-2006-5330\", \"CVE-2006-0300\", \"CVE-2006-6097\", \n \"CVE-2007-0318\", \"CVE-2007-0724\", \"CVE-2007-1071\", \n \"CVE-2007-0733\", \"CVE-2006-5836\", \"CVE-2006-6129\", \n \"CVE-2006-6173\", \"CVE-2006-1516\", \"CVE-2006-1517\", \n \"CVE-2006-2753\", \"CVE-2006-3081\", \"CVE-2006-4031\", \n \"CVE-2006-4226\", \"CVE-2006-3469\", \"CVE-2006-6130\", \n \"CVE-2007-0236\", \"CVE-2007-0726\", \"CVE-2006-0225\", \n \"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\", \n \"CVE-2007-0728\", \"CVE-2007-0588\", \"CVE-2007-0730\", \n \"CVE-2007-0731\", \"CVE-2007-0463\", \"CVE-2005-2959\", \n \"CVE-2006-4829\");\n script_bugtraq_id(20982, 21236, 21291, 21349, 22041, 22948);\n\n script_name(english:\"Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 which is older than\nversion 10.4.9 or a version of Mac OS X 10.3 which does not have \nSecurity Update 2007-003 applied.\n\nThis update contains several security fixes for the following programs :\n\n - ColorSync\n - CoreGraphics\n - Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n - Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n - SMB File Server\n - Software Update\n - sudo \n - WebLog\" );\n 
script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=305214\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 :\n\nhttp://www.apple.com/support/downloads/macosxserver1049updateppc.html\nhttp://www.apple.com/support/downloads/macosx1049updateintel.html\nhttp://www.apple.com/support/downloads/macosxserver1049updateuniversal.html\n\nMac OS X 10.3 : Apply Security Update 2007-003 :\n\nhttp://www.apple.com/support/downloads/securityupdate20070031039client.html\nhttp://www.apple.com/support/downloads/securityupdate20070031039server.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 119, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/03/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/03/13\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"combined\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! 
os ) {\n\t os = get_kb_item(\"Host/OS\");\n\t confidence = get_kb_item(\"Host/OS/Confidence\");\n\t if ( confidence <= 90 ) exit(0);\n\t}\nif ( ! os ) exit(0);\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.[1-8]([^0-9]|$))\", string:os)) security_hole(0);\nelse if ( ereg(pattern:\"Mac OS X 10\\.3\\.\", string:os) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if ( ! packages ) exit(0);\n if (!egrep(pattern:\"^SecUpd(Srvr)?2007-003\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3469"], "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. \n\n### Description\n\nJean-David Maillefer discovered a format string vulnerability in time.cc where MySQL fails to properly handle specially formatted user input to the date_format function. \n\n### Impact\n\nBy specifying a format string as the first parameter to the date_format function, an authenticated attacker could cause MySQL to crash, resulting in a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --verbose --oneshot \">=dev-db/mysql-4.1.21\"", "edition": 1, "modified": "2006-08-07T00:00:00", "published": "2006-08-06T00:00:00", "id": "GLSA-200608-09", "href": "https://security.gentoo.org/glsa/200608-09", "type": "gentoo", "title": "MySQL: Denial of Service", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:27:14", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3081", "CVE-2006-3469"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1112-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 18th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mysql-dfsg-4.1\nVulnerability : several\nProblem-Type : local\nDebian-specific: no\nCVE ID : CVE-2006-3081 CVE-2006-3469\nDebian Bug : 373913 375694\n\nSeveral local vulnerabilities have been discovered in the MySQL database\nserver, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-3081\n\n \"Kanatoko\" discovered that the server can be crashed by feeding\n NULL values to the str_to_date() function.\n\nCVE-2006-3469\n\n Jean-David Maillefer discovered that the server can be crashed with\n specially crafted date_format() function calls.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 4.1.11a-4sarge5.\n\nThe unstable distribution (sid) no longer contains MySQL 4.1\npackages. 
MySQL 5.0 from sid is not affected.\n\nWe recommend that you upgrade your mysql-dfsg-4.1 packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.dsc\n Size/MD5 checksum: 1021 9cd4f7df9345856d06846e0ddb50b9ee\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz\n Size/MD5 checksum: 168442 e45db0b01b3adaf09500d54090f3a1e1\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz\n Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge5_all.deb\n Size/MD5 checksum: 36520 e8115191126dc0b373a53024e5c78733\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_alpha.deb\n Size/MD5 checksum: 1590788 297b4444903885a19c76a1217e83477d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_alpha.deb\n Size/MD5 checksum: 7965184 8df4e20d157517541228fa52e4c60dbc\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_alpha.deb\n Size/MD5 checksum: 1000952 4d62bca949f80c09f043a78b9e701ca5\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_alpha.deb\n Size/MD5 
checksum: 17487070 b357fcab1b57764e1ee8a341dd30def3\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_amd64.deb\n Size/MD5 checksum: 1452034 a22b66b8e00b2409bf1428834af1073b\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_amd64.deb\n Size/MD5 checksum: 5551704 731f50735026de2b95d9e9d9e19a7717\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_amd64.deb\n Size/MD5 checksum: 849526 a0a5d944db8261044bcdddbe55ab03d6\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_amd64.deb\n Size/MD5 checksum: 14711282 bf471f8b19fe0aa14bf04209c0eac975\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_arm.deb\n Size/MD5 checksum: 1388864 1ed00eac905063c7caa7702bb6a4dcda\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_arm.deb\n Size/MD5 checksum: 5558854 46fac3302d6e4677bb1dbce5f5aa1387\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_arm.deb\n Size/MD5 checksum: 836766 5487191a4af54786066ac720456b5b68\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_arm.deb\n Size/MD5 checksum: 14557630 1369e1f83fad8dfcbea1618e0acd821e\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_i386.deb\n Size/MD5 checksum: 1418036 ab5768abe67a1d21c714a078f2ec86f0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb\n Size/MD5 checksum: 5643732 bf891e68e488947fd28a940a367d722f\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_i386.deb\n Size/MD5 checksum: 830724 f5d4a9e5b289d895ba021190f907829f\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_i386.deb\n Size/MD5 checksum: 14558034 b580eeaf7a3806b95a07435acbe48e27\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_ia64.deb\n Size/MD5 checksum: 1713308 0067b2b9c41a412defde52f366e3c897\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_ia64.deb\n Size/MD5 checksum: 7782486 3aabc5d9cf4bd642de338d58bdaf06f5\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_ia64.deb\n Size/MD5 checksum: 1050616 d23aac0cd8ee2af56e54dfb5bac2f330\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_ia64.deb\n Size/MD5 checksum: 18475936 9ddfe01a4b31abfed11b9bde23fac76f\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_hppa.deb\n Size/MD5 checksum: 1551202 77244af3e0edbeaf716764fe9ac81e6f\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_hppa.deb\n Size/MD5 checksum: 6250286 fd9cb45d760605ee2a89f70af5cb9af3\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_hppa.deb\n Size/MD5 checksum: 910046 38698cebd4b9f438fd09d9bbb9dcd92c\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_hppa.deb\n Size/MD5 checksum: 15791130 8517866821789c2ac7343f9db6f59d3f\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_m68k.deb\n Size/MD5 checksum: 1397964 e5166b54d56236e0bcbd677ae0b0612f\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_m68k.deb\n Size/MD5 checksum: 5284080 48f187b76145ed53de71074d1e19bd6a\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_m68k.deb\n Size/MD5 checksum: 803870 699c9078240853a353fbd70504285d51\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_m68k.deb\n Size/MD5 checksum: 14072018 f2837081c2ff82f8510234e174db38b4\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mips.deb\n Size/MD5 checksum: 1478938 f6865d5d185ecc5b20dac7d0d7e129da\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mips.deb\n Size/MD5 checksum: 6053046 43b3f77618248df20870c85301465095\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mips.deb\n Size/MD5 checksum: 904490 351bde467510be873c1a2cdc57048523\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mips.deb\n Size/MD5 checksum: 15409966 a0332059581d3de6922e9313d6eef676\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mipsel.deb\n Size/MD5 checksum: 1446348 46a4c7d996016a4adcf56440b05fef21\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mipsel.deb\n Size/MD5 checksum: 5971326 6467ab19215d4e0e45084d3530929683\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mipsel.deb\n Size/MD5 checksum: 890130 52b93510c81b7d296074fc4c36a6d847\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mipsel.deb\n Size/MD5 checksum: 15105474 1ffe09b6dc5b370067bf337109188a25\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_powerpc.deb\n Size/MD5 checksum: 1476860 3b5a3a41dcb3744a289e78e3310d1df1\n 
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_powerpc.deb\n Size/MD5 checksum: 6027448 99a562b660721bc4dacd8997de8aab1f\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_powerpc.deb\n Size/MD5 checksum: 907410 9893e547ddfe66215e6bc3da4bf69724\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_powerpc.deb\n Size/MD5 checksum: 15403210 25c8ae97be006ad171df2f3bdedc72a2\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_s390.deb\n Size/MD5 checksum: 1538550 b105d416c3bcd7875984cecac926d076\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_s390.deb\n Size/MD5 checksum: 5461556 00100b922054d9b9c3fc22b3a92b60c7\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_s390.deb\n Size/MD5 checksum: 884294 37fe2778f39871852f9fa53677cffe2c\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_s390.deb\n Size/MD5 checksum: 15055516 c22496ba5559e2fbb1f0a37cd889ee0b\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_sparc.deb\n Size/MD5 checksum: 1460576 f4a2d46769a708b1ef70aa85e2b09277\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_sparc.deb\n Size/MD5 checksum: 6208040 3dc2de911cc6cbcb4f637bfccbce988a\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_sparc.deb\n Size/MD5 checksum: 868258 1671384fa14d81404e3af7ffb555073e\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_sparc.deb\n Size/MD5 checksum: 15392304 6d9b9d762aa6088e416c1b987f853e96\n\n\n These files will probably be moved into the stable 
distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2006-07-17T00:00:00", "published": "2006-07-17T00:00:00", "id": "DEBIAN:DSA-1112-1:85EF3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00198.html", "title": "[SECURITY] [DSA 1112-1] New mysql-dfsg-4.1 packages fix denial of service", "type": "debian", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3469", "CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\r\nclient/server implementation consisting of a server daemon (mysqld), and\r\nmany different client programs and libraries.\r\n\r\nMySQL did not correctly check directories used as arguments for the DATA\r\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\r\nattacker could elevate their access privileges to tables created by other\r\ndatabase users. Note: this attack does not work on existing tables. An\r\nattacker can only elevate their access to another user's tables as the\r\ntables are created. As well, the names of these created tables need to be\r\npredicted correctly for this attack to succeed. 
(CVE-2008-2079)\r\n\r\nMySQL did not require the \"DROP\" privilege for \"RENAME TABLE\" statements.\r\nAn authenticated user could use this flaw to rename arbitrary tables.\r\n(CVE-2007-2691)\r\n\r\nMySQL allowed an authenticated user to access a table through a previously\r\ncreated MERGE table, even after the user's privileges were revoked from the\r\noriginal table, which might violate intended security policy. This is\r\naddressed by allowing the MERGE storage engine to be disabled, which can be\r\ndone by running mysqld with the \"--skip-merge\" option. (CVE-2006-4031)\r\n\r\nA flaw in MySQL allowed an authenticated user to cause the MySQL daemon to\r\ncrash via crafted SQL queries. This only caused a temporary denial of\r\nservice, as the MySQL daemon is automatically restarted after the crash.\r\n(CVE-2006-3469)\r\n\r\nAs well, these updated packages fix the following bugs:\r\n\r\n* in the previous mysql packages, if a column name was referenced more\r\nthan once in an \"ORDER BY\" section of a query, a segmentation fault\r\noccurred.\r\n\r\n* when MySQL failed to start, the init script returned a successful (0)\r\nexit code. When using the Red Hat Cluster Suite, this may have caused\r\ncluster services to report a successful start, even when MySQL failed to\r\nstart. In these updated packages, the init script returns the correct exit\r\ncodes, which resolves this issue.\r\n\r\n* it was possible to use the mysqld_safe command to specify invalid port\r\nnumbers (higher than 65536), causing invalid ports to be created, and, in\r\nsome cases, a \"port number definition: unsigned short\" error. 
In these\r\nupdated packages, when an invalid port number is specified, the default\r\nport number is used.\r\n\r\n* when setting \"myisam_repair_threads > 1\", any repair set the index\r\ncardinality to \"1\", regardless of the table size.\r\n\r\n* the MySQL init script no longer runs \"chmod -R\" on the entire database\r\ndirectory tree during every startup.\r\n\r\n* when running \"mysqldump\" with the MySQL 4.0 compatibility mode option,\r\n\"--compatible=mysql40\", mysqldump created dumps that omitted the\r\n\"auto_increment\" field.\r\n\r\nAs well, the MySQL init script now uses more reliable methods for\r\ndetermining parameters, such as the data directory location.\r\n\r\nNote: these updated packages upgrade MySQL to version 4.1.22. For a full\r\nlist of bug fixes and enhancements, refer to the MySQL release notes:\r\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\r\n\r\nAll mysql users are advised to upgrade to these updated packages, which\r\nresolve these issues and add this enhancement.", "modified": "2017-09-08T11:50:19", "published": "2008-07-24T04:00:00", "id": "RHSA-2008:0768", "href": "https://access.redhat.com/errata/RHSA-2008:0768", "type": "redhat", "title": "(RHSA-2008:0768) Moderate: mysql security, bug fix, and enhancement update", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:04", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4031", "CVE-2007-5925", "CVE-2007-5969", "CVE-2007-2691", "CVE-2008-2079", "CVE-2006-3469"], "description": "[4.1.22-2]\n- Back-patch three upstream security fixes from 4.1.23 and 4.1.24\nResolves: #445321\n[4.1.22-1]\n- Update to not-so-new-anymore upstream version 4.1.22\nResolves: #278461, #327771, #218009, #201988\n- Use default port number if out-of-range port number is specified\nResolves: #206067\n- Sync mysql.init with current Fedora initscript; this includes the following:\n- Use a less hacky method of getting default values in 
initscript\nResolves: #233771\n- Update default /etc/my.cnf ([mysql.server] has been bogus for a long time)\n- Dont chmod -R the entire database directory tree on every startup\nResolves: #221085\n- Fix init script to return status 1 on server start timeout\nResolves: #203910\n- Fix mysql.init to wait correctly when socket is not in default place\n[4.1.20-4.RHEL4.1]\n- Back-port upstream fixes for CVE-2007-5925, CVE-2007-5969.\nResolves: #422191", "edition": 4, "modified": "2008-08-01T00:00:00", "published": "2008-08-01T00:00:00", "id": "ELSA-2008-0768", "href": "http://linux.oracle.com/errata/ELSA-2008-0768.html", "title": "mysql security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}]}