Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

RedHat Update for mysql55-mysql RHSA-2014:0186-01

🗓️ 20 Feb 2014 00:00:00Reported by Copyright (C) 2014 Greenbone Networks GmbHType 
openvas
 openvas🔗 plugins.openvas.org👁 37 Views

RedHat Update for mysql55-mysql. Upgrade to version 5.5.36 to fix vulnerabilities including buffer overflow issue in MySQL command line client

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		Oracle MySQL 5.x < 5.6.13 Multiple Vulnerabilities
22 Jul 201300:00
nessus
Tenable Nessus		Oracle MySQL 5.6.x < 5.6.15 Remote Code Execution
23 Jan 201400:00
nessus
Tenable Nessus		Oracle MySQL 5.1.x < 5.1.73 Multiple Vulnerabilities
23 Jan 201400:00
nessus
Tenable Nessus		Oracle MySQL 5.5.x < 5.5.35 Multiple Vulnerabilities
23 Jan 201400:00
nessus
Tenable Nessus		MariaDB Server 5.5.x < 5.5.35 Buffer Overflow Vulnerability
20 Feb 201400:00
nessus
Tenable Nessus		Oracle MySQL 5.5.x <= 5.5.36 / 5.6.x <= 5.6.16 Multiple Vulnerabilities
17 Apr 201400:00
nessus
Tenable Nessus		MariaDB Server 10.0.x < 10.0.21 Multiple Vulnerabilities
13 May 201600:00
nessus
Tenable Nessus		Amazon Linux AMI : mysql51 (ALAS-2013-240)
14 Nov 201300:00
nessus
Tenable Nessus		Amazon Linux AMI : mysql51 (ALAS-2014-298)
12 Mar 201400:00
nessus
Tenable Nessus		CentOS 6 : mysql (CESA-2014:0164)
14 Feb 201400:00
nessus
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for mysql55-mysql RHSA-2014:0186-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");

if(description)
{
  script_id(871126);
  script_version("$Revision: 6688 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $");
  script_tag(name:"creation_date", value:"2014-02-20 15:24:16 +0530 (Thu, 20 Feb 2014)");
  script_cve_id("CVE-2013-3839", "CVE-2013-5807", "CVE-2013-5891", "CVE-2013-5908",
                "CVE-2014-0001", "CVE-2014-0386", "CVE-2014-0393", "CVE-2014-0401",
                "CVE-2014-0402", "CVE-2014-0412", "CVE-2014-0420", "CVE-2014-0437");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("RedHat Update for mysql55-mysql RHSA-2014:0186-01");

  tag_insight = "MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2013-5807,
CVE-2013-5891, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
CVE-2014-0412, CVE-2014-0420, CVE-2014-0437, CVE-2013-3839, CVE-2013-5908)

A buffer overflow flaw was found in the way the MySQL command line client
tool (mysql) processed excessively long version strings. If a user
connected to a malicious MySQL server via the mysql client, the server
could use this flaw to crash the mysql client or, potentially, execute
arbitrary code as the user running the mysql client. (CVE-2014-0001)

The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat
Security Response Team.

These updated packages upgrade MySQL to version 5.5.36. Refer to the MySQL
Release Notes listed in the References section for a complete list
of changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.
";

  tag_affected = "mysql55-mysql on Red Hat Enterprise Linux (v. 5 server)";

  tag_solution = "Please Install the Updated Packages.";


  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name: "RHSA", value: "2014:0186-01");
  script_xref(name: "URL" , value: "https://www.redhat.com/archives/rhsa-announce/2014-February/msg00025.html");
  script_summary("Check for the Version of mysql55-mysql");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"mysql55-mysql", rpm:"mysql55-mysql~5.5.36~2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql55-mysql-bench", rpm:"mysql55-mysql-bench~5.5.36~2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql55-mysql-debuginfo", rpm:"mysql55-mysql-debuginfo~5.5.36~2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql55-mysql-devel", rpm:"mysql55-mysql-devel~5.5.36~2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql55-mysql-libs", rpm:"mysql55-mysql-libs~5.5.36~2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql55-mysql-server", rpm:"mysql55-mysql-server~5.5.36~2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"mysql55-mysql-test", rpm:"mysql55-mysql-test~5.5.36~2.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Jul 2017 00:00Current
7High risk
Vulners AI Score7
EPSS0.20688
red hat enterprise linuxmysql database servercve-2014-0001buffer overflowversion 5.5.36vendorfix
37