A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:
Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.
**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**
This Critical Patch Update contains 253 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.
Please note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).
This Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.
{"nessus": [{"lastseen": "2023-05-18T14:28:30", "description": "The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)\n\n - Multiple flaws exist in the OpenSSL subcomponent in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the OpenSSL subcomponent in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the OpenSSL subcomponent in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.\n (CVE-2016-2176)\n\n - An unspecified flaw exists in the Runtime Catalog subcomponent in the iStore component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5489)\n\n - An unspecified flaw exists in the AD Utilities subcomponent in the Applications DBA component that allows a local attacker to disclose sensitive information. (CVE-2016-5517) \n - An unspecified flaw exists in the Workflow Events subcomponent in the Shipping Execution component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5532)\n\n - An unspecified flaw exists in the Price Book subcomponent in the Advanced Pricing component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5557)\n\n - An unspecified flaw exists in the Requisition Management subcomponent in the iProcurement component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5562)\n\n - Multiple unspecified flaws exist in the AD Utilities subcomponent in the DBA component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE- 2016-5567, CVE-2016-5570, CVE-2016-5571)\n\n - An unspecified flaw exists in the Resources Module subcomponent in the Common Applications Calendar component that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5575)\n\n - An unspecified flaw exists in the Candidate Self Service subcomponent in the iRecruitment component that allows a local attacker to gain elevated privileges.\n (CVE-2016-5581)\n\n - An unspecified flaw exists in the File Upload subcomponent in the One-to-One Fulfillment component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5583)\n\n - An unspecified flaw exists in the Select Application Dependencies subcomponent in the Interaction Center Intelligence component that allow an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-5585)\n\n - An unspecified flaw exists in the Dispatch/Service Call Requests subcomponent in the Email Center component that allow an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5586)\n\n - Multiple unspecified flaws exist in the Outcome-Result subcomponent in the Customer Interaction History component that allow an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-5587, CVE-2016-5591, CVE-2016-5593)\n\n - An unspecified flaw exists in the Responsibility Management subcomponent in the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-5589)\n\n - Multiple unspecified flaws exist in the Result-Reason subcomponent in the Customer Interaction History component that allow an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5592, CVE-2016-5595)\n\n - An unspecified flaw exists in the Default Responsibility subcomponent in the CRM Technical Foundation component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5596)", "cvss3": {}, "published": "2016-10-20T00:00:00", "type": "nessus", "title": "Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-5489", "CVE-2016-5517", "CVE-2016-5532", "CVE-2016-5557", "CVE-2016-5562", "CVE-2016-5567", "CVE-2016-5570", "CVE-2016-5571", "CVE-2016-5575", "CVE-2016-5581", "CVE-2016-5583", "CVE-2016-5585", "CVE-2016-5586", "CVE-2016-5587", "CVE-2016-5589", "CVE-2016-5591", "CVE-2016-5592", "CVE-2016-5593", "CVE-2016-5595", "CVE-2016-5596"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:e-business_suite"], "id": "ORACLE_E-BUSINESS_CPU_OCT_2016.NASL", "href": "https://www.tenable.com/plugins/nessus/94164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94164);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2107\",\n \"CVE-2016-2109\",\n \"CVE-2016-2176\",\n \"CVE-2016-5489\",\n \"CVE-2016-5517\",\n \"CVE-2016-5532\",\n \"CVE-2016-5557\",\n \"CVE-2016-5562\",\n \"CVE-2016-5567\",\n \"CVE-2016-5570\",\n \"CVE-2016-5571\",\n \"CVE-2016-5575\",\n \"CVE-2016-5581\",\n \"CVE-2016-5583\",\n \"CVE-2016-5585\",\n \"CVE-2016-5586\",\n \"CVE-2016-5587\",\n \"CVE-2016-5589\",\n \"CVE-2016-5591\",\n \"CVE-2016-5592\",\n \"CVE-2016-5593\",\n \"CVE-2016-5595\",\n \"CVE-2016-5596\"\n );\n script_bugtraq_id(\n 87940,\n 89744,\n 89746,\n 89757,\n 89760,\n 93690,\n 93694,\n 93699,\n 93703,\n 93707,\n 93721,\n 93724,\n 93729,\n 93738,\n 93739,\n 93743,\n 93747,\n 93750,\n 93756,\n 93758,\n 93761,\n 93762,\n 93764,\n 93769,\n 93770\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle E-Business installed on the remote host is\nmissing the October 2016 Oracle Critical Patch Update (CPU). It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the OpenSSL\n subcomponent in the EVP_EncodeUpdate() function within\n file crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the OpenSSL\n subcomponent in the EVP_EncryptUpdate() function within\n file crypto/evp/evp_enc.c that is triggered when\n handling a large amount of input data after a previous\n call occurs to the same function with a partial block.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - Multiple flaws exist in the OpenSSL subcomponent in the\n aesni_cbc_hmac_sha1_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha1.c and the\n aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - Multiple unspecified flaws exist in the OpenSSL\n subcomponent in the d2i BIO functions when reading ASN.1\n data from a BIO due to invalid encoding causing a large\n allocation of memory. An unauthenticated, remote\n attacker can exploit these to cause a denial of service\n condition through resource exhaustion. (CVE-2016-2109)\n\n - An out-of-bounds read error exists in the OpenSSL\n subcomponent in the X509_NAME_oneline() function within\n file crypto/x509/x509_obj.c when handling very long ASN1\n strings. An unauthenticated, remote attacker can exploit\n this to disclose the contents of stack memory.\n (CVE-2016-2176)\n\n - An unspecified flaw exists in the Runtime Catalog\n subcomponent in the iStore component that allows an\n unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2016-5489)\n\n - An unspecified flaw exists in the AD Utilities\n subcomponent in the Applications DBA component that\n allows a local attacker to disclose sensitive\n information. (CVE-2016-5517)\n \n - An unspecified flaw exists in the Workflow Events\n subcomponent in the Shipping Execution component that\n allows an unauthenticated, remote attacker to disclose\n sensitive information. (CVE-2016-5532)\n\n - An unspecified flaw exists in the Price Book\n subcomponent in the Advanced Pricing component that\n allows an unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2016-5557)\n\n - An unspecified flaw exists in the Requisition Management\n subcomponent in the iProcurement component that allows\n an unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2016-5562)\n\n - Multiple unspecified flaws exist in the AD Utilities\n subcomponent in the DBA component that allow an\n authenticated, remote attacker to impact confidentiality\n and integrity. (CVE- 2016-5567, CVE-2016-5570,\n CVE-2016-5571)\n\n - An unspecified flaw exists in the Resources Module\n subcomponent in the Common Applications Calendar\n component that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5575)\n\n - An unspecified flaw exists in the Candidate Self Service\n subcomponent in the iRecruitment component that allows a\n local attacker to gain elevated privileges.\n (CVE-2016-5581)\n\n - An unspecified flaw exists in the File Upload\n subcomponent in the One-to-One Fulfillment component\n that allows an unauthenticated, remote attacker to\n impact integrity. (CVE-2016-5583)\n\n - An unspecified flaw exists in the Select Application\n Dependencies subcomponent in the Interaction Center\n Intelligence component that allow an unauthenticated,\n remote attacker to impact confidentiality and integrity.\n (CVE-2016-5585)\n\n - An unspecified flaw exists in the Dispatch/Service Call\n Requests subcomponent in the Email Center component that\n allow an unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2016-5586)\n\n - Multiple unspecified flaws exist in the Outcome-Result\n subcomponent in the Customer Interaction History\n component that allow an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2016-5587, CVE-2016-5591, CVE-2016-5593)\n\n - An unspecified flaw exists in the Responsibility\n Management subcomponent in the CRM Technical Foundation\n component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2016-5589)\n\n - Multiple unspecified flaws exist in the Result-Reason\n subcomponent in the Customer Interaction History\n component that allow an unauthenticated, remote attacker\n to impact confidentiality and integrity. (CVE-2016-5592,\n CVE-2016-5595)\n\n - An unspecified flaw exists in the Default Responsibility\n subcomponent in the CRM Technical Foundation component\n that allows an unauthenticated, remote attacker to\n disclose sensitive information. (CVE-2016-5596)\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:e-business_suite\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_e-business_query_patch_info.nbin\");\n script_require_keys(\"Oracle/E-Business/Version\", \"Oracle/E-Business/patches/installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Oracle/E-Business/Version\");\npatches = get_kb_item_or_exit(\"Oracle/E-Business/patches/installed\");\n\n# Batch checks\nif (patches) patches = split(patches, sep:',', keep:FALSE);\nelse patches = make_list();\n\np12_1 = '24390793';\np12_2 = '24390794';\n\n# Check if the installed version is an affected version\naffected_versions = make_array(\n '12.1.1', make_list(p12_1),\n '12.1.2', make_list(p12_1),\n '12.1.3', make_list(p12_1),\n\n '12.2.3', make_list(p12_2),\n '12.2.4', make_list(p12_2),\n '12.2.5', make_list(p12_2),\n '12.2.6', make_list(p12_2)\n);\n\npatched = FALSE;\naffectedver = FALSE;\n\nif (affected_versions[version])\n{\n affectedver = TRUE;\n patchids = affected_versions[version];\n foreach required_patch (patchids)\n {\n foreach applied_patch (patches)\n {\n if(required_patch == applied_patch)\n {\n patched = applied_patch;\n break;\n }\n }\n if(patched) break;\n }\n if(!patched) patchreport = join(patchids,sep:\" or \");\n}\n\nif (!patched && affectedver)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : '+version+\n '\\n Fixed version : '+version+' Patch '+patchreport+\n '\\n';\n security_hole(port:0,extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse if (!affectedver) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle E-Business', version);\nelse exit(0, 'The Oracle E-Business server ' + version + ' is not affected because patch ' + patched + ' has been applied.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:51", "description": "The remote host is affected by the vulnerability described in GLSA-201701-01 (MariaDB and MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MariaDB and MySQL.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n Attackers could execute arbitrary code, escalate privileges, and impact availability via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-01-03T00:00:00", "type": "nessus", "title": "GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-3495", "CVE-2016-5507", "CVE-2016-5584", "CVE-2016-5609", "CVE-2016-5612", "CVE-2016-5625", "CVE-2016-5626", "CVE-2016-5627", "CVE-2016-5628", "CVE-2016-5629", "CVE-2016-5630", "CVE-2016-5631", "CVE-2016-5632", "CVE-2016-5633", "CVE-2016-5634", "CVE-2016-5635", "CVE-2016-6652", "CVE-2016-6662", "CVE-2016-8283", "CVE-2016-8284", "CVE-2016-8286", "CVE-2016-8287", "CVE-2016-8288", "CVE-2016-8289", "CVE-2016-8290"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mariadb", "p-cpe:/a:gentoo:linux:mysql", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-01.NASL", "href": "https://www.tenable.com/plugins/nessus/96232", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-01.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96232);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-3495\", \"CVE-2016-5507\", \"CVE-2016-5584\", \"CVE-2016-5609\", \"CVE-2016-5612\", \"CVE-2016-5625\", \"CVE-2016-5626\", \"CVE-2016-5627\", \"CVE-2016-5628\", \"CVE-2016-5629\", \"CVE-2016-5630\", \"CVE-2016-5631\", \"CVE-2016-5632\", \"CVE-2016-5633\", \"CVE-2016-5634\", \"CVE-2016-5635\", \"CVE-2016-6652\", \"CVE-2016-6662\", \"CVE-2016-8283\", \"CVE-2016-8284\", \"CVE-2016-8286\", \"CVE-2016-8287\", \"CVE-2016-8288\", \"CVE-2016-8289\", \"CVE-2016-8290\");\n script_xref(name:\"GLSA\", value:\"201701-01\");\n\n script_name(english:\"GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-01\n(MariaDB and MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MariaDB and MySQL.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Attackers could execute arbitrary code, escalate privileges, and impact\n availability via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MariaDB users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mariadb-10.0.28'\n All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.6.34'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mariadb\", unaffected:make_list(\"ge 10.0.28\"), vulnerable:make_list(\"lt 10.0.28\"))) flag++;\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 5.6.34\"), vulnerable:make_list(\"lt 5.6.34\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MariaDB and MySQL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:24", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5628)\n\n - An unspecified flaw exists in the Memcached subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5631)\n\n - Multiple unspecified flaws exist in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5633, CVE-2016-8290)\n\n - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5634)\n\n - An unspecified flaw exists in the Security: Audit subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5635)\n\n - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284)\n\n - An unspecified flaw exists in the Replication subcomponent that allows a authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8287)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-8289)\n\n - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault.\n\n - A denial of service vulnerability exists in InnoDB when handling ALTER TABLE operations on tables that have an indexed virtual column. An authenticated, remote attacker can exploit this to cause an assertion failure, resulting in a server crash.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-08-17T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3495", "CVE-2016-5612", "CVE-2016-5627", "CVE-2016-5628", "CVE-2016-5630", "CVE-2016-5631", "CVE-2016-5633", "CVE-2016-5634", "CVE-2016-5635", "CVE-2016-8284", "CVE-2016-8287", "CVE-2016-8289", "CVE-2016-8290"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_14.NASL", "href": "https://www.tenable.com/plugins/nessus/93004", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93004);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-3495\",\n \"CVE-2016-5612\",\n \"CVE-2016-5627\",\n \"CVE-2016-5628\",\n \"CVE-2016-5630\",\n \"CVE-2016-5631\",\n \"CVE-2016-5633\",\n \"CVE-2016-5634\",\n \"CVE-2016-5635\",\n \"CVE-2016-8284\",\n \"CVE-2016-8287\",\n \"CVE-2016-8289\",\n \"CVE-2016-8290\"\n );\n script_bugtraq_id(\n 93630,\n 93642,\n 93662,\n 93670,\n 93674,\n 93684,\n 93702,\n 93709,\n 93715,\n 93720,\n 93727,\n 93733,\n 93755\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.14. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws exist in the InnoDB\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5612)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5628)\n\n - An unspecified flaw exists in the Memcached\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5631)\n\n - Multiple unspecified flaws exist in the Performance\n Schema subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5633, CVE-2016-8290)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5634)\n\n - An unspecified flaw exists in the Security: Audit\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5635)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows a local attacker to cause a\n denial of service condition. (CVE-2016-8284)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows a authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8287)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows a local attacker to impact integrity and\n availability. (CVE-2016-8289)\n\n - A denial of service vulnerability exists in InnoDB when\n selecting full-text index information schema tables for\n a deleted table. An authenticated, remote attacker can\n exploit this to cause a segmentation fault.\n\n - A denial of service vulnerability exists in InnoDB when\n handling ALTER TABLE operations on tables that have an\n indexed virtual column. An authenticated, remote\n attacker can exploit this to cause an assertion failure,\n resulting in a server crash.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.14 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/17\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.14', min:'5.7', severity:SECURITY_NOTE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:04", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.34. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306)\n\n - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.(CVE-2016-8283)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-10-21T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6662", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_6_34_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/94197", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94197);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-3492\",\n \"CVE-2016-5584\",\n \"CVE-2016-5616\",\n \"CVE-2016-5617\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\",\n \"CVE-2016-6662\",\n \"CVE-2016-7440\",\n \"CVE-2016-8283\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92912,\n 92982,\n 92984,\n 92987,\n 93150,\n 93153,\n 93612,\n 93614,\n 93638,\n 93650,\n 93659,\n 93668,\n 93735,\n 93737\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.34. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c,\n ssl_sess.c, and t1_lib.c due to improper use of pointer\n arithmetic for heap-buffer boundary checks. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n dsa_sign_setup() function in dsa_ossl.c due to a failure\n to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS\n implementation due to a failure to properly restrict the\n lifetime of queue entries associated with unused\n out-of-order messages. An unauthenticated, remote\n attacker can exploit this, by maintaining multiple\n crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public\n Key Infrastructure Time-Stamp Protocol (TSP)\n implementation. An unauthenticated, remote attacker can\n exploit this, via a crafted time-stamp file that is\n mishandled by the 'openssl ts' command, to cause\n denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the\n Anti-Replay feature in the DTLS implementation due to\n improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this,\n via spoofed DTLS records, to cause legitimate packets to\n be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function\n in bn_print.c due to improper validation of\n user-supplied input when handling BIGNUM values. An\n unauthenticated, remote attacker can exploit this to\n crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES\n and Blowfish algorithms due to the use of weak 64-bit\n block ciphers by default. A man-in-the-middle attacker\n who has sufficient resources can exploit this\n vulnerability, via a 'birthday' attack, to detect a\n collision that leaks the XOR between the fixed secret\n and a known plaintext, allowing the disclosure of the\n secret text, such as secure HTTPS cookies, and possibly\n resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the tls_decrypt_ticket() function in\n t1_lib.c due to improper handling of ticket HMAC\n digests. An unauthenticated, remote attacker can exploit\n this, via a ticket that is too short, to crash the\n process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the\n MDC2_Update() function in mdc2dgst.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate\n parser that allows an unauthenticated, remote attacker\n to cause a denial of service via crafted certificate\n operations. (CVE-2016-6306)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition.(CVE-2016-8283)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453a538d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.34 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.6.34\";\nexists_version = \"5.6\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:26", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5628)\n\n - An unspecified flaw exists in the Memcached subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5631)\n\n - Multiple unspecified flaws exist in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5633, CVE-2016-8290)\n\n - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5634)\n\n - An unspecified flaw exists in the Security: Audit subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5635)\n\n - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284)\n\n - An unspecified flaw exists in the Replication subcomponent that allows a authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-8287)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-8289)\n\n - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault.\n\n - A denial of service vulnerability exists in InnoDB when handling ALTER TABLE operations on tables that have an indexed virtual column. An authenticated, remote attacker can exploit this to cause an assertion failure, resulting in a server crash.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-08-17T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3495", "CVE-2016-5612", "CVE-2016-5627", "CVE-2016-5628", "CVE-2016-5630", "CVE-2016-5631", "CVE-2016-5633", "CVE-2016-5634", "CVE-2016-5635", "CVE-2016-8284", "CVE-2016-8287", "CVE-2016-8289", "CVE-2016-8290"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_7_14_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/93005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93005);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-3495\",\n \"CVE-2016-5612\",\n \"CVE-2016-5627\",\n \"CVE-2016-5628\",\n \"CVE-2016-5630\",\n \"CVE-2016-5631\",\n \"CVE-2016-5633\",\n \"CVE-2016-5634\",\n \"CVE-2016-5635\",\n \"CVE-2016-8284\",\n \"CVE-2016-8287\",\n \"CVE-2016-8289\",\n \"CVE-2016-8290\"\n );\n script_bugtraq_id(\n 93630,\n 93642,\n 93662,\n 93670,\n 93674,\n 93684,\n 93702,\n 93709,\n 93715,\n 93720,\n 93727,\n 93733,\n 93755\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.14. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws exist in the InnoDB\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5612)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5628)\n\n - An unspecified flaw exists in the Memcached\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5631)\n\n - Multiple unspecified flaws exist in the Performance\n Schema subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5633, CVE-2016-8290)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5634)\n\n - An unspecified flaw exists in the Security: Audit\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5635)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows a local attacker to cause a\n denial of service condition. (CVE-2016-8284)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows a authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-8287)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows a local attacker to impact integrity and\n availability. (CVE-2016-8289)\n\n - A denial of service vulnerability exists in InnoDB when\n selecting full-text index information schema tables for\n a deleted table. An authenticated, remote attacker can\n exploit this to cause a segmentation fault.\n\n - A denial of service vulnerability exists in InnoDB when\n handling ALTER TABLE operations on tables that have an\n indexed virtual column. An authenticated, remote\n attacker can exploit this to cause an assertion failure,\n resulting in a server crash.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453a538d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.14 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/17\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.7.14\";\nexists_version = \"5.7\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_NOTE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:14", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.34. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306)\n\n - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.(CVE-2016-8283)", "cvss3": {}, "published": "2016-10-20T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6662", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_34.NASL", "href": "https://www.tenable.com/plugins/nessus/94166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94166);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-3492\",\n \"CVE-2016-5584\",\n \"CVE-2016-5616\",\n \"CVE-2016-5617\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\",\n \"CVE-2016-6662\",\n \"CVE-2016-7440\",\n \"CVE-2016-8283\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92912,\n 92982,\n 92984,\n 92987,\n 93150,\n 93153,\n 93612,\n 93614,\n 93638,\n 93650,\n 93659,\n 93668,\n 93735,\n 93737\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.34. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c,\n ssl_sess.c, and t1_lib.c due to improper use of pointer\n arithmetic for heap-buffer boundary checks. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n dsa_sign_setup() function in dsa_ossl.c due to a failure\n to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS\n implementation due to a failure to properly restrict the\n lifetime of queue entries associated with unused\n out-of-order messages. An unauthenticated, remote\n attacker can exploit this, by maintaining multiple\n crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public\n Key Infrastructure Time-Stamp Protocol (TSP)\n implementation. An unauthenticated, remote attacker can\n exploit this, via a crafted time-stamp file that is\n mishandled by the 'openssl ts' command, to cause\n denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the\n Anti-Replay feature in the DTLS implementation due to\n improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this,\n via spoofed DTLS records, to cause legitimate packets to\n be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function\n in bn_print.c due to improper validation of\n user-supplied input when handling BIGNUM values. An\n unauthenticated, remote attacker can exploit this to\n crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES\n and Blowfish algorithms due to the use of weak 64-bit\n block ciphers by default. A man-in-the-middle attacker\n who has sufficient resources can exploit this\n vulnerability, via a 'birthday' attack, to detect a\n collision that leaks the XOR between the fixed secret\n and a known plaintext, allowing the disclosure of the\n secret text, such as secure HTTPS cookies, and possibly\n resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the tls_decrypt_ticket() function in\n t1_lib.c due to improper handling of ticket HMAC\n digests. An unauthenticated, remote attacker can exploit\n this, via a ticket that is too short, to crash the\n process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the\n MDC2_Update() function in mdc2dgst.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate\n parser that allows an unauthenticated, remote attacker\n to cause a denial of service via crafted certificate\n operations. (CVE-2016-6306)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition.(CVE-2016-8283)\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.34 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.6.34', min:'5.6', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:23", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.15. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3492, CVE-2016-5632)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5507)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5625)\n\n - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662)\n\n - An unspecified flaw exists that allows an authenticated, remote attacker to bypass restrictions and create the /var/lib/mysql/my.cnf file with custom contents without the FILE privilege requirement. (CVE-2016-6663) \n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.(CVE-2016-8283)\n\n - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-8286)\n\n - A flaw exists that is related to the use of temporary files by REPAIR TABLE. An authenticated, remote attacker can exploit this to gain elevated privileges.\n\n - A flaw exists in InnoDB when handling an operation that dropped and created a full-text search table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition.\n\n - A flaw exists in InnoDB when accessing full-text auxiliary tables while dropping the indexed table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition.\n\n - A buffer overflow condition exists when handling long integer values in MEDIUMINT columns due to the improper validation of certain input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - An information disclosure vulnerability exists in the validate_password plugin due to passwords that have been rejected being written as plaintext to the error log. A local attacker can exploit this to more easily guess what passwords might have been chosen and accepted.\n\n - A flaw exists in InnoDB when handling an ALTER TABLE ...\n ENCRYPTION='Y', ALGORITHM=COPY operation that is applied to a table in the system tablespace. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-09-08T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5507", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5625", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-5632", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283", "CVE-2016-8286"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_7_15_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/93380", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93380);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5507\",\n \"CVE-2016-5616\",\n \"CVE-2016-5617\",\n \"CVE-2016-5625\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-5632\",\n \"CVE-2016-6662\",\n \"CVE-2016-6663\",\n \"CVE-2016-8283\",\n \"CVE-2016-8286\"\n );\n script_bugtraq_id(\n 92911,\n 92912,\n 93612,\n 93614,\n 93617,\n 93638,\n 93650,\n 93668,\n 93678,\n 93693,\n 93737,\n 93745\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.15. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3492, CVE-2016-5632)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5507)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the Packaging subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5625)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - An unspecified flaw exists that allows an authenticated,\n remote attacker to bypass restrictions and create the\n /var/lib/mysql/my.cnf file with custom contents without\n the FILE privilege requirement. (CVE-2016-6663)\n \n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition.(CVE-2016-8283)\n\n - An unspecified flaw exists in the Security: Privileges\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-8286)\n\n - A flaw exists that is related to the use of temporary\n files by REPAIR TABLE. An authenticated, remote attacker\n can exploit this to gain elevated privileges.\n\n - A flaw exists in InnoDB when handling an operation that\n dropped and created a full-text search table. An\n authenticated, remote attacker can exploit this to\n trigger an assertion, resulting in a denial of service\n condition.\n\n - A flaw exists in InnoDB when accessing full-text\n auxiliary tables while dropping the indexed table. An\n authenticated, remote attacker can exploit this to\n trigger an assertion, resulting in a denial of service\n condition.\n\n - A buffer overflow condition exists when handling long\n integer values in MEDIUMINT columns due to the improper\n validation of certain input. An authenticated, remote\n attacker can exploit this to cause a denial of service\n condition or the execution of arbitrary code.\n\n - An information disclosure vulnerability exists in the\n validate_password plugin due to passwords that have been\n rejected being written as plaintext to the error log. A\n local attacker can exploit this to more easily guess\n what passwords might have been chosen and accepted.\n\n - A flaw exists in InnoDB when handling an ALTER TABLE ...\n ENCRYPTION='Y', ALGORITHM=COPY operation that is applied\n to a table in the system tablespace. An authenticated,\n remote attacker can exploit this to trigger an\n assertion, resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453a538d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.15 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.7.15\";\nexists_version = \"5.7\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:42", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.15. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3492, CVE-2016-5632)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5507)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5625)\n\n - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662)\n\n - An unspecified flaw exists that allows an authenticated, remote attacker to bypass restrictions and create the /var/lib/mysql/my.cnf file with custom contents without the FILE privilege requirement. (CVE-2016-6663) \n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.(CVE-2016-8283)\n\n - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-8286)\n\n - A flaw exists that is related to the use of temporary files by REPAIR TABLE. An authenticated, remote attacker can exploit this to gain elevated privileges.\n\n - A flaw exists in InnoDB when handling an operation that dropped and created a full-text search table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition.\n\n - A flaw exists in InnoDB when accessing full-text auxiliary tables while dropping the indexed table. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition.\n\n - A buffer overflow condition exists when handling long integer values in MEDIUMINT columns due to the improper validation of certain input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - An information disclosure vulnerability exists in the validate_password plugin due to passwords that have been rejected being written as plaintext to the error log. A local attacker can exploit this to more easily guess what passwords might have been chosen and accepted.\n\n - A flaw exists in InnoDB when handling an ALTER TABLE ...\n ENCRYPTION='Y', ALGORITHM=COPY operation that is applied to a table in the system tablespace. An authenticated, remote attacker can exploit this to trigger an assertion, resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-09-08T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5507", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5625", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-5632", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283", "CVE-2016-8286"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_15.NASL", "href": "https://www.tenable.com/plugins/nessus/93379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93379);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5507\",\n \"CVE-2016-5616\",\n \"CVE-2016-5617\",\n \"CVE-2016-5625\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-5632\",\n \"CVE-2016-6662\",\n \"CVE-2016-6663\",\n \"CVE-2016-8283\",\n \"CVE-2016-8286\"\n );\n script_bugtraq_id(\n 92911,\n 92912,\n 93612,\n 93614,\n 93617,\n 93638,\n 93650,\n 93668,\n 93678,\n 93693,\n 93737,\n 93745\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.15. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3492, CVE-2016-5632)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5507)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the Packaging subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5625)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - An unspecified flaw exists that allows an authenticated,\n remote attacker to bypass restrictions and create the\n /var/lib/mysql/my.cnf file with custom contents without\n the FILE privilege requirement. (CVE-2016-6663)\n \n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition.(CVE-2016-8283)\n\n - An unspecified flaw exists in the Security: Privileges\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-8286)\n\n - A flaw exists that is related to the use of temporary\n files by REPAIR TABLE. An authenticated, remote attacker\n can exploit this to gain elevated privileges.\n\n - A flaw exists in InnoDB when handling an operation that\n dropped and created a full-text search table. An\n authenticated, remote attacker can exploit this to\n trigger an assertion, resulting in a denial of service\n condition.\n\n - A flaw exists in InnoDB when accessing full-text\n auxiliary tables while dropping the indexed table. An\n authenticated, remote attacker can exploit this to\n trigger an assertion, resulting in a denial of service\n condition.\n\n - A buffer overflow condition exists when handling long\n integer values in MEDIUMINT columns due to the improper\n validation of certain input. An authenticated, remote\n attacker can exploit this to cause a denial of service\n condition or the execution of arbitrary code.\n\n - An information disclosure vulnerability exists in the\n validate_password plugin due to passwords that have been\n rejected being written as plaintext to the error log. A\n local attacker can exploit this to more easily guess\n what passwords might have been chosen and accepted.\n\n - A flaw exists in InnoDB when handling an ALTER TABLE ...\n ENCRYPTION='Y', ALGORITHM=COPY operation that is applied\n to a table in the system tablespace. An authenticated,\n remote attacker can exploit this to trigger an\n assertion, resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.15 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.15', min:'5.7', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:45", "description": "New openssl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {}, "published": "2016-09-23T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : openssl (SSA:2016-266-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2016-266-01.NASL", "href": "https://www.tenable.com/plugins/nessus/93663", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-266-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93663);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6305\", \"CVE-2016-6306\", \"CVE-2016-6307\", \"CVE-2016-6308\");\n script_xref(name:\"SSA\", value:\"2016-266-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : openssl (SSA:2016-266-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.629460\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?13aca08a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1u\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1u\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1u\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1u\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1u\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1u\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1u\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1u\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"openssl\", pkgver:\"1.0.2i\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2i\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.2i\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2i\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2i\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2i\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:40", "description": "According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.9. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service.\n (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the OpenSSL component in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information. (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the OpenSSL component in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records. An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the OpenSSL component in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the OpenSSL component in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183)\n\n - A flaw exists in the OpenSSL component in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests.\n An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service. (CVE-2016-6302)\n\n - An integer overflow condition exists in the OpenSSL component in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code. (CVE-2016-6303)\n\n - A flaw exists in the OpenSSL component in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304)\n\n - A flaw exists in the OpenSSL component in the SSL_peek() function in rec_layer_s3.c due to improper handling of empty records. An unauthenticated, remote attacker can exploit this, by triggering a zero-length record in an SSL_peek call, to cause an infinite loop, resulting in a denial of service condition. (CVE-2016-6305)\n\n - An out-of-bounds read error exists in the OpenSSL component in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations.\n (CVE-2016-6306)\n\n - A denial of service vulnerability exists in the OpenSSL component in the state-machine implementation due to a failure to check for an excessive length before allocating memory. An unauthenticated, remote attacker can exploit this, via a crafted TLS message, to exhaust memory resources. (CVE-2016-6307)\n\n - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to improper handling of excessively long DTLS messages. An unauthenticated, remote attacker can exploit this, via a crafted DTLS message, to exhaust available memory resources. (CVE-2016-6308)\n\n - A remote code execution vulnerability exists in the OpenSSL component in the read_state_machine() function in statem.c due to improper handling of messages larger than 16k. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to cause a use-after-free error, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6309)\n\n - A denial of service vulnerability exists in the OpenSSL component in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052)\n\n - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-9260)", "cvss3": {}, "published": "2017-02-15T00:00:00", "type": "nessus", "title": "Tenable Nessus 6.x < 6.9 Multiple Vulnerabilities (TNS-2016-16) (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-7052", "CVE-2016-9260"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/a:tenable:nessus"], "id": "NESSUS_TNS_2016_16.NASL", "href": "https://www.tenable.com/plugins/nessus/97192", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97192);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6305\",\n \"CVE-2016-6306\",\n \"CVE-2016-6307\",\n \"CVE-2016-6308\",\n \"CVE-2016-6309\",\n \"CVE-2016-7052\",\n \"CVE-2016-9260\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92982,\n 92984,\n 92987,\n 93149,\n 93150,\n 93151,\n 93152,\n 93153,\n 93171,\n 93177,\n 95772\n );\n\n script_name(english:\"Tenable Nessus 6.x < 6.9 Multiple Vulnerabilities (TNS-2016-16) (SWEET32)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Tenable Nessus\napplication running on the remote host is 6.x prior to 6.9. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in the\n OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c\n due to improper use of pointer arithmetic for\n heap-buffer boundary checks. An unauthenticated, remote\n attacker can exploit this to cause a denial of service.\n (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n OpenSSL component in the dsa_sign_setup() function in\n dsa_ossl.c due to a failure to properly ensure the use\n of constant-time operations. An unauthenticated, remote\n attacker can exploit this, via a timing side-channel\n attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the DTLS implementation due to a failure to\n properly restrict the lifetime of queue entries\n associated with unused out-of-order messages. An\n unauthenticated, remote attacker can exploit this, by\n maintaining multiple crafted DTLS sessions\n simultaneously, to exhaust memory. (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the OpenSSL\n component in the X.509 Public Key Infrastructure\n Time-Stamp Protocol (TSP) implementation. An\n unauthenticated, remote attacker can exploit this, via a\n crafted time-stamp file that is mishandled by the\n 'openssl ts' command, to cause denial of service or to\n disclose sensitive information. (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the Anti-Replay feature in the DTLS\n implementation due to improper handling of epoch\n sequence numbers in records. An unauthenticated, remote\n attacker can exploit this, via spoofed DTLS records, to\n cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the OpenSSL component in\n the BN_bn2dec() function in bn_print.c due to improper\n validation of user-supplied input when handling BIGNUM\n values. An unauthenticated, remote attacker can exploit\n this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the OpenSSL\n component in the 3DES and Blowfish algorithms due to the\n use of weak 64-bit block ciphers by default. A\n man-in-the-middle attacker who has sufficient resources\n can exploit this vulnerability, via a 'birthday' attack,\n to detect a collision that leaks the XOR between the\n fixed secret and a known plaintext, allowing the\n disclosure of the secret text, such as secure HTTPS\n cookies, and possibly resulting in the hijacking of an\n authenticated session. (CVE-2016-2183)\n\n - A flaw exists in the OpenSSL component in the\n tls_decrypt_ticket() function in t1_lib.c due to\n improper handling of ticket HMAC digests.\n An unauthenticated, remote attacker can exploit this,\n via a ticket that is too short, to crash the process,\n resulting in a denial of service. (CVE-2016-6302)\n\n - An integer overflow condition exists in the OpenSSL\n component in the MDC2_Update() function in mdc2dgst.c\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a heap-based buffer overflow, resulting in a\n denial of service condition or possibly the execution of\n arbitrary code. (CVE-2016-6303)\n\n - A flaw exists in the OpenSSL component in the\n ssl_parse_clienthello_tlsext() function in t1_lib.c due\n to improper handling of overly large OCSP Status Request\n extensions from clients. An unauthenticated, remote\n attacker can exploit this, via large OCSP Status Request\n extensions, to exhaust memory resources, resulting in a\n denial of service condition. (CVE-2016-6304)\n\n - A flaw exists in the OpenSSL component in the SSL_peek()\n function in rec_layer_s3.c due to improper handling of\n empty records. An unauthenticated, remote attacker can\n exploit this, by triggering a zero-length record in an\n SSL_peek call, to cause an infinite loop, resulting in a\n denial of service condition. (CVE-2016-6305)\n\n - An out-of-bounds read error exists in the OpenSSL\n component in the certificate parser that allows an\n unauthenticated, remote attacker to cause a denial of\n service via crafted certificate operations.\n (CVE-2016-6306)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the state-machine implementation due to a\n failure to check for an excessive length before\n allocating memory. An unauthenticated, remote attacker\n can exploit this, via a crafted TLS message, to exhaust\n memory resources. (CVE-2016-6307)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the DTLS implementation due to improper\n handling of excessively long DTLS messages. An\n unauthenticated, remote attacker can exploit this, via a\n crafted DTLS message, to exhaust available memory\n resources. (CVE-2016-6308)\n\n - A remote code execution vulnerability exists in the\n OpenSSL component in the read_state_machine() function\n in statem.c due to improper handling of messages larger\n than 16k. An unauthenticated, remote attacker can\n exploit this, via a specially crafted message, to cause\n a use-after-free error, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6309)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in x509_vfy.c due to improper handling of\n certificate revocation lists (CRLs). An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted CRL, to cause a NULL pointer dereference,\n resulting in a crash of the service. (CVE-2016-7052)\n\n - A cross-site scripting (XSS) vulnerability exists due to\n improper validation of user-supplied input. An\n authenticated, remote attacker can exploit this, via a\n specially crafted request, to execute arbitrary script\n code in a user's browser session. (CVE-2016-9260)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2016-16\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160922.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160926.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable Nessus version 6.9 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6309\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:nessus\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n\tscript_dependencies(\"nessus_detect.nasl\", \"nessus_installed_win.nbin\", \"nessus_installed_linux.nbin\", \"macos_nessus_installed.nbin\");\n\tscript_require_keys(\"installed_sw/Tenable Nessus\");\n exit(0);\n}\n\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nvar app = \"Tenable Nessus\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\nvar port = get_http_port(default:8834);\n\nvar install = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\n\nvar version = install['version'];\n\nvar fix = '6.9';\n\n# Affected versions:\n# 6.x\nvar order, report;\n\nif (version =~ \"^6\\.\" && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n order = make_list('Installed version', 'Fixed version');\n report = make_array(\n order[0], version,\n order[1], fix\n );\n report = report_items_str(report_items:report, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE, xss:TRUE);\n exit(0);\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:45", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.16. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306)\n\n - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-10-20T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-5584", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6662", "CVE-2016-7440"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_16.NASL", "href": "https://www.tenable.com/plugins/nessus/94167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94167);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-5584\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\",\n \"CVE-2016-6662\",\n \"CVE-2016-7440\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92912,\n 92982,\n 92984,\n 92987,\n 93150,\n 93153,\n 93659,\n 93735\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.16. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c,\n ssl_sess.c, and t1_lib.c due to improper use of pointer\n arithmetic for heap-buffer boundary checks. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n dsa_sign_setup() function in dsa_ossl.c due to a failure\n to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS\n implementation due to a failure to properly restrict the\n lifetime of queue entries associated with unused\n out-of-order messages. An unauthenticated, remote\n attacker can exploit this, by maintaining multiple\n crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public\n Key Infrastructure Time-Stamp Protocol (TSP)\n implementation. An unauthenticated, remote attacker can\n exploit this, via a crafted time-stamp file that is\n mishandled by the 'openssl ts' command, to cause\n denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the\n Anti-Replay feature in the DTLS implementation due to\n improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this,\n via spoofed DTLS records, to cause legitimate packets to\n be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function\n in bn_print.c due to improper validation of\n user-supplied input when handling BIGNUM values. An\n unauthenticated, remote attacker can exploit this to\n crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES\n and Blowfish algorithms due to the use of weak 64-bit\n block ciphers by default. A man-in-the-middle attacker\n who has sufficient resources can exploit this\n vulnerability, via a 'birthday' attack, to detect a\n collision that leaks the XOR between the fixed secret\n and a known plaintext, allowing the disclosure of the\n secret text, such as secure HTTPS cookies, and possibly\n resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - A flaw exists in the tls_decrypt_ticket() function in\n t1_lib.c due to improper handling of ticket HMAC\n digests. An unauthenticated, remote attacker can exploit\n this, via a ticket that is too short, to crash the\n process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the\n MDC2_Update() function in mdc2dgst.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate\n parser that allows an unauthenticated, remote attacker\n to cause a denial of service via crafted certificate\n operations. (CVE-2016-6306)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.16', min:'5.7', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:03", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.16. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306)\n\n - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-10-21T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-5584", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6662", "CVE-2016-7440"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_7_16_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/94198", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94198);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-5584\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\",\n \"CVE-2016-6662\",\n \"CVE-2016-7440\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92912,\n 92982,\n 92984,\n 92987,\n 93150,\n 93153,\n 93659,\n 93735\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.16. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c,\n ssl_sess.c, and t1_lib.c due to improper use of pointer\n arithmetic for heap-buffer boundary checks. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n dsa_sign_setup() function in dsa_ossl.c due to a failure\n to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS\n implementation due to a failure to properly restrict the\n lifetime of queue entries associated with unused\n out-of-order messages. An unauthenticated, remote\n attacker can exploit this, by maintaining multiple\n crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public\n Key Infrastructure Time-Stamp Protocol (TSP)\n implementation. An unauthenticated, remote attacker can\n exploit this, via a crafted time-stamp file that is\n mishandled by the 'openssl ts' command, to cause\n denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the\n Anti-Replay feature in the DTLS implementation due to\n improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this,\n via spoofed DTLS records, to cause legitimate packets to\n be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function\n in bn_print.c due to improper validation of\n user-supplied input when handling BIGNUM values. An\n unauthenticated, remote attacker can exploit this to\n crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES\n and Blowfish algorithms due to the use of weak 64-bit\n block ciphers by default. A man-in-the-middle attacker\n who has sufficient resources can exploit this\n vulnerability, via a 'birthday' attack, to detect a\n collision that leaks the XOR between the fixed secret\n and a known plaintext, allowing the disclosure of the\n secret text, such as secure HTTPS cookies, and possibly\n resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - A flaw exists in the tls_decrypt_ticket() function in\n t1_lib.c due to improper handling of ticket HMAC\n digests. An unauthenticated, remote attacker can exploit\n this, via a ticket that is too short, to crash the\n process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the\n MDC2_Update() function in mdc2dgst.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate\n parser that allows an unauthenticated, remote attacker\n to cause a denial of service via crafted certificate\n operations. (CVE-2016-6306)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453a538d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.7.16\";\nexists_version = \"5.7\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:10:02", "description": "OpenSSL reports :\n\nHigh: OCSP Status Request extension unbounded memory growth\n\nSSL_peek() hang on empty record\n\nSWEET32 Mitigation\n\nOOB write in MDC2_Update()\n\nMalformed SHA512 ticket DoS\n\nOOB write in BN_bn2dec()\n\nOOB read in TS_OBJ_print_bio()\n\nPointer arithmetic undefined behaviour\n\nConstant time flag not preserved in DSA signing\n\nDTLS buffered message DoS\n\nDTLS replay protection DoS\n\nCertificate message OOB reads\n\nExcessive allocation of memory in tls_get_message_header()\n\nExcessive allocation of memory in dtls1_preprocess_fragment()\n\nNB: LibreSSL is only affected by CVE-2016-6304", "cvss3": {}, "published": "2016-09-23T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (43eaa656-80bc-11e6-bf52-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "p-cpe:/a:freebsd:freebsd:openssl-devel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_43EAA65680BC11E6BF52B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/93674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93674);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6305\", \"CVE-2016-6306\", \"CVE-2016-6307\", \"CVE-2016-6308\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:26.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (43eaa656-80bc-11e6-bf52-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL reports :\n\nHigh: OCSP Status Request extension unbounded memory growth\n\nSSL_peek() hang on empty record\n\nSWEET32 Mitigation\n\nOOB write in MDC2_Update()\n\nMalformed SHA512 ticket DoS\n\nOOB write in BN_bn2dec()\n\nOOB read in TS_OBJ_print_bio()\n\nPointer arithmetic undefined behaviour\n\nConstant time flag not preserved in DSA signing\n\nDTLS buffered message DoS\n\nDTLS replay protection DoS\n\nCertificate message OOB reads\n\nExcessive allocation of memory in tls_get_message_header()\n\nExcessive allocation of memory in dtls1_preprocess_fragment()\n\nNB: LibreSSL is only affected by CVE-2016-6304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160922.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/43eaa656-80bc-11e6-bf52-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed1ae987\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl-devel>=1.1.0<1.1.0_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2i,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:42", "description": "The MySQL project reports :\n\n- CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer' sub component.\n\n- CVE-2016-5616, CVE-2016-6663: Race condition allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.\n\n- CVE-2016-5617, CVE-2016-6664: mysqld_safe, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.\n\n- CVE-2016-5624: Remote security vulnerability in 'Server: DML' sub component.\n\n- CVE-2016-5626: Remote security vulnerability in 'Server: GIS' sub component.\n\n- CVE-2016-5629: Remote security vulnerability in 'Server: Federated' sub component.\n\n- CVE-2016-8283: Remote security vulnerability in 'Server: Types' sub component.", "cvss3": {}, "published": "2017-01-16T00:00:00", "type": "nessus", "title": "FreeBSD : MySQL -- multiple vulnerabilities (22373c43-d728-11e6-a9a5-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-6664", "CVE-2016-8283"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mariadb100-client", "p-cpe:/a:freebsd:freebsd:mariadb100-server", "p-cpe:/a:freebsd:freebsd:mariadb101-client", "p-cpe:/a:freebsd:freebsd:mariadb101-server", "p-cpe:/a:freebsd:freebsd:mariadb55-client", "p-cpe:/a:freebsd:freebsd:mariadb55-server", "p-cpe:/a:freebsd:freebsd:mysql55-client", "p-cpe:/a:freebsd:freebsd:mysql55-server", "p-cpe:/a:freebsd:freebsd:mysql56-client", "p-cpe:/a:freebsd:freebsd:mysql56-server", "p-cpe:/a:freebsd:freebsd:mysql57-client", "p-cpe:/a:freebsd:freebsd:mysql57-server", "p-cpe:/a:freebsd:freebsd:percona55-client", "p-cpe:/a:freebsd:freebsd:percona55-server", "p-cpe:/a:freebsd:freebsd:percona56-client", "p-cpe:/a:freebsd:freebsd:percona56-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_22373C43D72811E6A9A5B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/96510", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96510);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5616\", \"CVE-2016-5617\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-6664\", \"CVE-2016-8283\");\n\n script_name(english:\"FreeBSD : MySQL -- multiple vulnerabilities (22373c43-d728-11e6-a9a5-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The MySQL project reports :\n\n- CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer'\nsub component.\n\n- CVE-2016-5616, CVE-2016-6663: Race condition allows local users with\ncertain permissions to gain privileges by leveraging use of\nmy_copystat by REPAIR TABLE to repair a MyISAM table.\n\n- CVE-2016-5617, CVE-2016-6664: mysqld_safe, when using file-based\nlogging, allows local users with access to the mysql account to gain\nroot privileges via a symlink attack on error logs and possibly other\nfiles.\n\n- CVE-2016-5624: Remote security vulnerability in 'Server: DML' sub\ncomponent.\n\n- CVE-2016-5626: Remote security vulnerability in 'Server: GIS' sub\ncomponent.\n\n- CVE-2016-5629: Remote security vulnerability in 'Server: Federated'\nsub component.\n\n- CVE-2016-8283: Remote security vulnerability in 'Server: Types' sub\ncomponent.\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ad1fd2e\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-5552-release-notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10118-release-notes/\"\n );\n # https://vuxml.freebsd.org/freebsd/22373c43-d728-11e6-a9a5-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc418265\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb100-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb100-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql55-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-client<5.5.52\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<5.5.52\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb100-client<10.0.28\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb100-server<10.0.28\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-client<10.1.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-server<10.1.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql55-client<5.5.52\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql55-server<5.5.52\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-client<5.6.33\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.33\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-client<5.7.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-client<5.5.51.38.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-server<5.5.51.38.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona56-client<5.6.32.78.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona56-server<5.6.32.78.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:55", "description": "New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {}, "published": "2016-11-01T00:00:00", "type": "nessus", "title": "Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mariadb", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2016-305-03.NASL", "href": "https://www.tenable.com/plugins/nessus/94440", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-305-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94440);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n script_xref(name:\"SSA\", value:\"2016-305-03\");\n\n script_name(english:\"Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mariadb packages are available for Slackware 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.484350\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c44d1a5e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mariadb\", pkgver:\"5.5.53\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"5.5.53\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mariadb\", pkgver:\"10.0.28\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.28\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mariadb\", pkgver:\"10.0.28\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mariadb\", pkgver:\"10.0.28\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:52", "description": "The version of MySQL running on the remote host is 5.5.x prior to 5.5.53. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.(CVE-2016-8283)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-10-20T00:00:00", "type": "nessus", "title": "MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6662", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_5_53.NASL", "href": "https://www.tenable.com/plugins/nessus/94165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94165);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5584\",\n \"CVE-2016-5616\",\n \"CVE-2016-5617\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6662\",\n \"CVE-2016-7440\",\n \"CVE-2016-8283\"\n );\n script_bugtraq_id(\n 92912,\n 93612,\n 93614,\n 93638,\n 93650,\n 93659,\n 93668,\n 93735,\n 93737\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.53. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition.(CVE-2016-8283)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.5.53', min:'5.5', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:46", "description": "The version of MySQL running on the remote host is 5.5.x prior to 5.5.53. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within file sql/sys_vars.cc due to inadequate restrictions on the ability to write to the my.cnf configuration file and allowing the loading of configuration files from path locations not used by current versions. An authenticated, remote attacker can exploit this issue by using specially crafted queries that utilize logging functionality to create new files or append custom content to existing files. This allows the attacker to gain root privileges by inserting a custom .cnf file with a 'malloc_lib=' directive pointing to specially crafted mysql_hookandroot_lib.so file and thereby cause MySQL to load a malicious library the next time it is started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C software version of AES Encryption and Decryption, due to table lookups not properly considering cache-bank access times. A local attacker can exploit this, via a specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.(CVE-2016-8283)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-10-21T00:00:00", "type": "nessus", "title": "MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6662", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_5_53_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/94196", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94196);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5584\",\n \"CVE-2016-5616\",\n \"CVE-2016-5617\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6662\",\n \"CVE-2016-7440\",\n \"CVE-2016-8283\"\n );\n script_bugtraq_id(\n 92912,\n 93612,\n 93614,\n 93638,\n 93650,\n 93659,\n 93668,\n 93735,\n 93737\n );\n script_xref(name:\"EDB-ID\", value:\"40360\");\n\n script_name(english:\"MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.5.x prior to\n5.5.53. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5584)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the Error Handling\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-5617)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A flaw exists in the check_log_path() function within\n file sql/sys_vars.cc due to inadequate restrictions on\n the ability to write to the my.cnf configuration file\n and allowing the loading of configuration files from\n path locations not used by current versions. An\n authenticated, remote attacker can exploit this issue\n by using specially crafted queries that utilize logging\n functionality to create new files or append custom\n content to existing files. This allows the attacker to\n gain root privileges by inserting a custom .cnf file\n with a 'malloc_lib=' directive pointing to specially\n crafted mysql_hookandroot_lib.so file and thereby cause\n MySQL to load a malicious library the next time it is\n started. (CVE-2016-6662)\n\n - A flaw exists in wolfSSL, specifically within the C\n software version of AES Encryption and Decryption, due\n to table lookups not properly considering cache-bank\n access times. A local attacker can exploit this, via a\n specially crafted application, to disclose AES keys.\n (CVE-2016-7440)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition.(CVE-2016-8283)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html\");\n # http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbd97f45\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453a538d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.5.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.5.53\";\nexists_version = \"5.5\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:40", "description": "This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes :\n\n - mysql_install_db can't find data files (bsc#1006539)\n\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-29T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient-devel", "p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:libmysqld-devel", "p-cpe:/a:novell:suse_linux:libmysqld18", "p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2932-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2932-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95383);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n\n script_name(english:\"SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mariadb update to version 10.0.28 fixes the following issues\n(bsc#1008318): Security fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent\n Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent\n Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent\n GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent\n DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent\n MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent\n Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition\n (bsc#1001367) Bugfixes :\n\n - mysql_install_db can't find data files (bsc#1006539)\n\n - mariadb failing test sys_vars.optimizer_switch_basic\n (bsc#1003800)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008318\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3492/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5616/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5624/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5626/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5629/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7440/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8283/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162932-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44e8bca1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1718=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1718=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient-devel-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient_r18-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld-devel-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqld18-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-client-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-debugsource-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-errormessages-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mariadb-tools-debuginfo-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-32bit-10.0.28-20.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.28-20.16.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:12", "description": "This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318) :\n\nSecurity fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)\n\nBugfixes :\n\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n\n - Remove useless mysql@default.service (bsc#1004477)\n\n - Replace all occurrences of the string '@sysconfdir@' with '/etc' as it wasn't expanded properly (bsc#990890)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mariadb (openSUSE-2016-1416)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1416.NASL", "href": "https://www.tenable.com/plugins/nessus/95596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1416.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95596);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2016-1416)\");\n script_summary(english:\"Check for the openSUSE-2016-1416 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mariadb update to version 10.0.28 fixes the following issues\n(bsc#1008318) :\n\nSecurity fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent\n Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent\n Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent\n GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent\n DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent\n MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent\n Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition\n (bsc#1001367)\n\nBugfixes :\n\n - mariadb failing test sys_vars.optimizer_switch_basic\n (bsc#1003800)\n\n - Remove useless mysql@default.service (bsc#1004477)\n\n - Replace all occurrences of the string '@sysconfdir@'\n with '/etc' as it wasn't expanded properly (bsc#990890)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990890\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient-devel-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient18-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient18-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqlclient_r18-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld-devel-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld18-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmysqld18-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-bench-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-bench-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-client-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-client-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-debugsource-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-errormessages-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-test-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-test-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-tools-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mariadb-tools-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.28-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:56", "description": "This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes :\n\n - mysql_install_db can't find data files (bsc#1006539)\n\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n\n - Remove useless mysql@default.service (bsc#1004477)\n\n - Replace all occurrences of the string '@sysconfdir@' with '/etc' as it wasn't expanded properly (bsc#990890)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : Recommended update for mariadb (SUSE-SU-2016:2933-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmysqlclient18", "p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo", "p-cpe:/a:novell:suse_linux:libmysqlclient_r18", "p-cpe:/a:novell:suse_linux:mariadb", "p-cpe:/a:novell:suse_linux:mariadb-client", "p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debuginfo", "p-cpe:/a:novell:suse_linux:mariadb-debugsource", "p-cpe:/a:novell:suse_linux:mariadb-errormessages", "p-cpe:/a:novell:suse_linux:mariadb-tools", "p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2933-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2933-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95384);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : Recommended update for mariadb (SUSE-SU-2016:2933-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mariadb update to version 10.0.28 fixes the following issues\n(bsc#1008318): Security fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent\n Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent\n Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent\n GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent\n DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent\n MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent\n Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition\n (bsc#1001367) Bugfixes :\n\n - mysql_install_db can't find data files (bsc#1006539)\n\n - mariadb failing test sys_vars.optimizer_switch_basic\n (bsc#1003800)\n\n - Remove useless mysql@default.service (bsc#1004477)\n\n - Replace all occurrences of the string '@sysconfdir@'\n with '/etc' as it wasn't expanded properly (bsc#990890)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990890\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3492/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5616/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5624/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5626/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5629/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7440/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8283/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162933-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43f02b82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2016-1717=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1717=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1717=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1717=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1717=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1717=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1717=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1717=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1717=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-client-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-debugsource-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-errormessages-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mariadb-tools-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-tools-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-tools-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-client-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-debugsource-10.0.28-17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mariadb-errormessages-10.0.28-17.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Recommended update for mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:08", "description": "This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318) :\n\nSecurity fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367)\n\nBugfixes :\n\n - mysql_install_db can't find data files (bsc#1006539)\n\n - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800)\n\n - Remove useless mysql@default.service (bsc#1004477)\n\n - Replace all occurrences of the string '@sysconfdir@' with '/etc' as it wasn't expanded properly (bsc#990890)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mariadb (openSUSE-2016-1417)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysqlclient-devel", "p-cpe:/a:novell:opensuse:libmysqlclient18", "p-cpe:/a:novell:opensuse:libmysqlclient18-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo", "p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysqlclient_r18", "p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit", "p-cpe:/a:novell:opensuse:libmysqld-devel", "p-cpe:/a:novell:opensuse:libmysqld18", "p-cpe:/a:novell:opensuse:libmysqld18-debuginfo", "p-cpe:/a:novell:opensuse:mariadb", "p-cpe:/a:novell:opensuse:mariadb-bench", "p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-client", "p-cpe:/a:novell:opensuse:mariadb-client-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-debugsource", "p-cpe:/a:novell:opensuse:mariadb-errormessages", "p-cpe:/a:novell:opensuse:mariadb-test", "p-cpe:/a:novell:opensuse:mariadb-test-debuginfo", "p-cpe:/a:novell:opensuse:mariadb-tools", "p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1417.NASL", "href": "https://www.tenable.com/plugins/nessus/95597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1417.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95597);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n\n script_name(english:\"openSUSE Security Update : mariadb (openSUSE-2016-1417)\");\n script_summary(english:\"Check for the openSUSE-2016-1417 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mariadb update to version 10.0.28 fixes the following issues\n(bsc#1008318) :\n\nSecurity fixes :\n\n - CVE-2016-8283: Unspecified vulnerability in subcomponent\n Types (bsc#1005582)\n\n - CVE-2016-7440: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005581)\n\n - CVE-2016-5629: Unspecified vulnerability in subcomponent\n Federated (bsc#1005569)\n\n - CVE-2016-5626: Unspecified vulnerability in subcomponent\n GIS (bsc#1005566)\n\n - CVE-2016-5624: Unspecified vulnerability in subcomponent\n DML (bsc#1005564)\n\n - CVE-2016-5616: Unspecified vulnerability in subcomponent\n MyISAM (bsc#1005562)\n\n - CVE-2016-5584: Unspecified vulnerability in subcomponent\n Encryption (bsc#1005558)\n\n - CVE-2016-3492: Unspecified vulnerability in subcomponent\n Optimizer (bsc#1005555)\n\n - CVE-2016-6663: Privilege Escalation / Race Condition\n (bsc#1001367)\n\nBugfixes :\n\n - mysql_install_db can't find data files (bsc#1006539)\n\n - mariadb failing test sys_vars.optimizer_switch_basic\n (bsc#1003800)\n\n - Remove useless mysql@default.service (bsc#1004477)\n\n - Replace all occurrences of the string '@sysconfdir@'\n with '/etc' as it wasn't expanded properly (bsc#990890)\n\n - Notable changes :\n\n - XtraDB updated to 5.6.33-79.0\n\n - TokuDB updated to 5.6.33-79.0\n\n - Innodb updated to 5.6.33\n\n - Performance Schema updated to 5.6.33\n\n - Release notes and upstream changelog :\n\n - https://kb.askmonty.org/en/mariadb-10028-release-notes\n\n - https://kb.askmonty.org/en/mariadb-10028-changelog\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990890\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-changelog/\"\n );\n # https://kb.askmonty.org/en/mariadb-10028-release-notes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-release-notes/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqlclient_r18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmysqld18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-bench-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-errormessages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mariadb-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient-devel-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient18-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient18-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqlclient_r18-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld-devel-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld18-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libmysqld18-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-bench-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-bench-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-client-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-client-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-debugsource-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-errormessages-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-test-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-test-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-tools-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mariadb-tools-debuginfo-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-32bit-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient18-debuginfo-32bit-10.0.28-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libmysqlclient_r18-32bit-10.0.28-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient-devel / libmysqlclient18 / libmysqlclient18-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:33", "description": "Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details :\n\n - https://mariadb.com/kb/en/mariadb/mariadb-10028-release- notes/", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "nessus", "title": "Debian DSA-3711-1 : mariadb-10.0 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5584", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-7440", "CVE-2016-8283"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mariadb-10.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3711.NASL", "href": "https://www.tenable.com/plugins/nessus/94743", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3711. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94743);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5584\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6663\", \"CVE-2016-7440\", \"CVE-2016-8283\");\n script_xref(name:\"DSA\", value:\"3711\");\n\n script_name(english:\"Debian DSA-3711-1 : mariadb-10.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new\nupstream version 10.0.28. Please see the MariaDB 10.0 Release Notes\nfor further details :\n\n -\n https://mariadb.com/kb/en/mariadb/mariadb-10028-release-\n notes/\"\n );\n # https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/library/mariadb-10028-release-notes/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mariadb-10.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3711\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mariadb-10.0 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 10.0.28-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mariadb-10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmariadbd-dev\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-10.0\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-client-core-10.0\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-common\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-connect-engine-10.0\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-oqgraph-engine-10.0\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-10.0\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-server-core-10.0\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test\", reference:\"10.0.28-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mariadb-test-10.0\", reference:\"10.0.28-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:17", "description": "The version of MySQL installed on the remote host is version 5.7.x prior to 5.7.15 and is affected by multiple issues :\n\n - A flaw exists related to the way 'REPAIR TABLE' uses temporary files. This may allow an authenticated attacker to gain elevated privileges.\n - A flaw exists in InnoDB that is triggered during the handling of an operation that dropped and created a full-text search table. This may allow an authenticated attacker to trigger an assertion and cause a denial of service.\n - A flaw exists in InnoDB that is triggered when accessing full-text search auxiliary tables while dropping the indexed table. This may allow an authenticated attacker to trigger an assertion and cause a denial of service.\n - An overflow condition exists that is triggered as certain input is not properly validated when handling long integer values in 'MEDIUMINT' columns. This may allow an authenticated attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.\n - A flaw exists in the 'validate_password' plugin that is triggered as rejected passwords are logged in plaintext on the error log. This may allow a local attacker to gain access to passwords that did not meet the password policy, but may potentially be very close to the password ultimately chosen and accepted.\n - A flaw exists in InnoDB that is triggered during the handling of an 'ALTER TABLE ... ENCRYPTION=Y, ALGORITHM=COPY' operation on a table residing in the system tablespace. This may allow an authenticated attacker to crash the server.\n - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-3492)\n - An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-5507)\n - An unspecified flaw exists related to the MyISAM subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-5616)\n - An unspecified flaw exists related to the Error Handling subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-5617)\n - An unspecified flaw exists related to the Packaging subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-5625)\n - An unspecified flaw exists related to the GIS subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-5626)\n - An unspecified flaw exists related to the Federated subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-5629)\n - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (2016-5632)\n - An unspecified flaw exists related to the Types subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-8283)\n - An unspecified flaw exists related to the Security: Privileges subcomponent. This may allow an authenticated remote attacker to disclose potentially sensitive information. No further details have been provided by the vendor. (CVE-2016-8286)", "cvss3": {}, "published": "2016-09-30T00:00:00", "type": "nessus", "title": "Oracle MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5507", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5625", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-8283", "CVE-2016-8286"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "9618.PRM", "href": "https://www.tenable.com/plugins/nnm/9618", "sourceData": "Binary data 9618.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:49", "description": "According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.1.x prior to 3.1.5.7958.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the bundled version of Apache Tomcat in the Manager and Host Manager web applications due to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An authenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. (CVE-2015-5351)\n\n - A remote code execution vulnerability exists in the Framework subcomponent that allows an authenticated, remote attacker to execute arbitrary code.\n (CVE-2016-0635)\n\n - An information disclosure vulnerability exists in the bundled version of Apache Tomcat that allows a specially crafted web application to load the StatusManagerServlet. An authenticated, remote attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706)\n\n - A remote code execution vulnerability exists in the bundled version of Apache Tomcat due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An authenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A security bypass vulnerability exists in the bundled version of Apache Tomcat due to a failure to consider whether ResourceLinkFactory.setGlobalContext callers are authorized. An authenticated, remote attacker can exploit this, via a web application that sets a crafted global context, to bypass intended SecurityManager restrictions and read or write to arbitrary application data or cause a denial of service condition.\n (CVE-2016-0763)\n\n - Multiple integer overflow conditions exist in the bundled version of OpenSSL in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service.\n (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the bundled version of OpenSSL in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the bundled version of OpenSSL in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the bundled version of OpenSSL in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation.\n An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information. (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the bundled version of OpenSSL in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records. An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the bundled version of OpenSSL in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the bundled version of OpenSSL in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default.\n A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183)\n\n - A flaw exists in the bundled version of OpenSSL in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service. (CVE-2016-6302)\n\n - An integer overflow condition exists in the bundled version of OpenSSL in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code. (CVE-2016-6303)\n\n - A denial of service vulnerability exists in the bundled version of OpenSSL in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources. (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the bundled version of OpenSSL in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations.\n (CVE-2016-6306)", "cvss3": {}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "MySQL Enterprise Monitor 3.1.x < 3.1.5.7958 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5351", "CVE-2016-0635", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-5590", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:oracle:mysql_enterprise_monitor"], "id": "MYSQL_ENTERPRISE_MONITOR_3_1_5_7958.NASL", "href": "https://www.tenable.com/plugins/nessus/96767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96767);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2015-5351\",\n \"CVE-2016-0635\",\n \"CVE-2016-0706\",\n \"CVE-2016-0714\",\n \"CVE-2016-0763\",\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-5590\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\"\n );\n script_bugtraq_id(\n 83324,\n 83326,\n 83327,\n 83330,\n 91081,\n 91319,\n 91869,\n 92117,\n 92557,\n 92628,\n 92630,\n 92982,\n 92984,\n 92987,\n 93150,\n 93153\n );\n script_xref(name:\"CERT\", value:\"576313\");\n\n script_name(english:\"MySQL Enterprise Monitor 3.1.x < 3.1.5.7958 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)\");\n script_summary(english:\"Checks the version of MySQL Enterprise Monitor.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the MySQL Enterprise Monitor\napplication running on the remote host is 3.1.x prior to 3.1.5.7958.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n bundled version of Apache Tomcat in the Manager and Host\n Manager web applications due to a flaw in the index page\n when issuing redirects in response to unauthenticated\n requests for the root directory of the application. An\n authenticated, remote attacker can exploit this to gain\n access to the XSRF token information stored in the index\n page. (CVE-2015-5351)\n\n - A remote code execution vulnerability exists in the\n Framework subcomponent that allows an authenticated,\n remote attacker to execute arbitrary code.\n (CVE-2016-0635)\n\n - An information disclosure vulnerability exists in the \n bundled version of Apache Tomcat that allows a specially\n crafted web application to load the\n StatusManagerServlet. An authenticated, remote attacker\n can exploit this to gain unauthorized access to a list\n of all deployed applications and a list of the HTTP\n request lines for all requests currently being\n processed. (CVE-2016-0706)\n\n - A remote code execution vulnerability exists in the\n bundled version of Apache Tomcat due to a flaw in the\n StandardManager, PersistentManager, and cluster\n implementations that is triggered when handling\n persistent sessions. An authenticated, remote attacker\n can exploit this, via a crafted object in a session, to\n bypass the security manager and execute arbitrary code.\n (CVE-2016-0714)\n\n - A security bypass vulnerability exists in the bundled\n version of Apache Tomcat due to a failure to consider\n whether ResourceLinkFactory.setGlobalContext callers are\n authorized. An authenticated, remote attacker can\n exploit this, via a web application that sets a crafted\n global context, to bypass intended SecurityManager\n restrictions and read or write to arbitrary application\n data or cause a denial of service condition.\n (CVE-2016-0763)\n\n - Multiple integer overflow conditions exist in the\n bundled version of OpenSSL in s3_srvr.c, ssl_sess.c, and\n t1_lib.c due to improper use of pointer arithmetic for\n heap-buffer boundary checks. An unauthenticated, remote\n attacker can exploit this to cause a denial of service.\n (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n bundled version of OpenSSL in the dsa_sign_setup()\n function in dsa_ossl.c due to a failure to properly\n ensure the use of constant-time operations. An\n unauthenticated, remote attacker can exploit this, via a\n timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the bundled\n version of OpenSSL in the DTLS implementation due to a\n failure to properly restrict the lifetime of queue\n entries associated with unused out-of-order messages. An\n unauthenticated, remote attacker can exploit this, by\n maintaining multiple crafted DTLS sessions\n simultaneously, to exhaust memory. (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the bundled\n version of OpenSSL in the X.509 Public Key\n Infrastructure Time-Stamp Protocol (TSP) implementation.\n An unauthenticated, remote attacker can exploit this,\n via a crafted time-stamp file that is mishandled by the\n 'openssl ts' command, to cause denial of service or to\n disclose sensitive information. (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the bundled\n version of OpenSSL in the Anti-Replay feature in the\n DTLS implementation due to improper handling of epoch\n sequence numbers in records. An unauthenticated, remote\n attacker can exploit this, via spoofed DTLS records, to\n cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the bundled version of\n OpenSSL in the BN_bn2dec() function in bn_print.c due to\n improper validation of user-supplied input when handling\n BIGNUM values. An unauthenticated, remote attacker can\n exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the bundled\n version of OpenSSL in the 3DES and Blowfish algorithms\n due to the use of weak 64-bit block ciphers by default.\n A man-in-the-middle attacker who has sufficient\n resources can exploit this vulnerability, via a\n 'birthday' attack, to detect a collision that leaks the\n XOR between the fixed secret and a known plaintext,\n allowing the disclosure of the secret text, such as\n secure HTTPS cookies, and possibly resulting in the\n hijacking of an authenticated session. (CVE-2016-2183)\n\n - A flaw exists in the bundled version of OpenSSL in the\n tls_decrypt_ticket() function in t1_lib.c due to\n improper handling of ticket HMAC digests. An\n unauthenticated, remote attacker can exploit this, via a\n ticket that is too short, to crash the process,\n resulting in a denial of service. (CVE-2016-6302)\n\n - An integer overflow condition exists in the bundled\n version of OpenSSL in the MDC2_Update() function in\n mdc2dgst.c due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause a heap-based buffer overflow, resulting in\n a denial of service condition or possibly the execution\n of arbitrary code. (CVE-2016-6303)\n\n - A denial of service vulnerability exists in the bundled\n version of OpenSSL in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources. (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the bundled\n version of OpenSSL in the certificate parser that allows\n an unauthenticated, remote attacker to cause a denial of\n service via crafted certificate operations.\n (CVE-2016-6306)\");\n # https://dev.mysql.com/doc/relnotes/mysql-monitor/3.1/en/news-3-1-5.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?152b030b\");\n # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a1c38e52\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Monitor version 3.1.5.7958 or later as\nreferenced in the January 2017 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql_enterprise_monitor\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 18443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"MySQL Enterprise Monitor\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:18443);\n\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\ninstall_url = build_url(port:port, qs:\"/\");\n\nfix = \"3.1.5.7958\";\nvuln = FALSE;\nif (version =~ \"^3\\.1($|[^0-9])\" && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n vuln = TRUE;;\n\nif (vuln)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report, xsrf:TRUE);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:19", "description": "According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server:\n Optimizer.(CVE-2016-3492)\n\n - Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.(CVE-2016-5612)\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: MyISAM.(CVE-2016-5616i1/4%0\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.i1/4^CVE-2016-5624i1/4%0\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.i1/4^CVE-2016-5626i1/4%0\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server:\n Federated.i1/4^CVE-2016-5629i1/4%0\n\n - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15 MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17 and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.i1/4^CVE-2016-6662i1/4%0\n\n - A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user.i1/4^CVE-2016-6663i1/4%0\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server:\n Types.i1/4^CVE-2016-8283i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5612", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mariadb", "p-cpe:/a:huawei:euleros:mariadb-bench", "p-cpe:/a:huawei:euleros:mariadb-devel", "p-cpe:/a:huawei:euleros:mariadb-embedded", "p-cpe:/a:huawei:euleros:mariadb-libs", "p-cpe:/a:huawei:euleros:mariadb-server", "p-cpe:/a:huawei:euleros:mariadb-test", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1062.NASL", "href": "https://www.tenable.com/plugins/nessus/99824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99824);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5612\",\n \"CVE-2016-5616\",\n \"CVE-2016-5624\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6662\",\n \"CVE-2016-6663\",\n \"CVE-2016-8283\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1062)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the mariadb packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and\n earlier, 5.6.32 and earlier, and 5.7.14 and earlier\n allows remote authenticated users to affect\n availability via vectors related to Server:\n Optimizer.(CVE-2016-3492)\n\n - Unspecified vulnerability in Oracle MySQL 5.5.50 and\n earlier, 5.6.31 and earlier, and 5.7.13 and earlier\n allows remote authenticated users to affect\n availability via vectors related to DML.(CVE-2016-5612)\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and\n earlier, 5.6.32 and earlier, and 5.7.14 and earlier\n allows local users to affect confidentiality,\n integrity, and availability via vectors related to\n Server: MyISAM.(CVE-2016-5616i1/4%0\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and\n earlier allows remote authenticated users to affect\n availability via vectors related to\n DML.i1/4^CVE-2016-5624i1/4%0\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and\n earlier, 5.6.32 and earlier, and 5.7.14 and earlier\n allows remote authenticated users to affect\n availability via vectors related to\n GIS.i1/4^CVE-2016-5626i1/4%0\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and\n earlier, 5.6.32 and earlier, and 5.7.14 and earlier\n allows remote administrators to affect availability via\n vectors related to Server:\n Federated.i1/4^CVE-2016-5629i1/4%0\n\n - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and\n 5.7.x through 5.7.15 MariaDB before 5.5.51, 10.0.x\n before 10.0.27, and 10.1.x before 10.1.17 and Percona\n Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0,\n and 5.7.x before 5.7.14-7 allow local users to create\n arbitrary configurations and bypass certain protection\n mechanisms by setting general_log_file to a my.cnf\n configuration. NOTE: this can be leveraged to execute\n arbitrary code with root privileges by setting\n malloc_lib.i1/4^CVE-2016-6662i1/4%0\n\n - A race condition was found in the way MySQL performed\n MyISAM engine table repair. A database user with shell\n access to the server running mysqld could use this flaw\n to change permissions of arbitrary files writable by\n the mysql system user.i1/4^CVE-2016-6663i1/4%0\n\n - Unspecified vulnerability in Oracle MySQL 5.5.51 and\n earlier, 5.6.32 and earlier, and 5.7.14 and earlier\n allows remote authenticated users to affect\n availability via vectors related to Server:\n Types.i1/4^CVE-2016-8283i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1062\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6d2a717\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mariadb packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"mariadb-5.5.52-1\",\n \"mariadb-bench-5.5.52-1\",\n \"mariadb-devel-5.5.52-1\",\n \"mariadb-embedded-5.5.52-1\",\n \"mariadb-libs-5.5.52-1\",\n \"mariadb-server-5.5.52-1\",\n \"mariadb-test-5.5.52-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:46", "description": "The remote Oracle Database Server is missing the October 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the RDBMS Security and SQL*Plus component that allows an authenticated, remote attacker to disclose sensitive information.\n (CVE-2016-3562)\n\n - An unspecified flaw exists in the RDBMS Security component that allows a local attacker to gain elevated privileges. (CVE-2016-5497)\n\n - Multiple unspecified flaws exist in the RDBMS Security component that allow a local attacker to disclose sensitive information. (CVE-2016-5498, CVE-2016-5499)\n\n - An unspecified flaw exists in the RDBMS Programmable Interface component that allows a local attacker to disclose sensitive information. (CVE-2016-5505)\n\n - An unspecified flaw exists in the Kernel PDB component that allows a local attacker to cause a denial of service condition. (CVE-2016-5516)\n\n - An unspecified flaw exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-5555)\n\n - An unspecified flaw exists in the Kernel PDB component that allows a local attacker to gain elevated privileges. (CVE-2016-5572)", "cvss3": {}, "published": "2016-10-21T00:00:00", "type": "nessus", "title": "Oracle Database Multiple Vulnerabilities (October 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3562", "CVE-2016-5497", "CVE-2016-5498", "CVE-2016-5499", "CVE-2016-5505", "CVE-2016-5516", "CVE-2016-5555", "CVE-2016-5572"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_OCT_2016.NASL", "href": "https://www.tenable.com/plugins/nessus/94201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94201);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-3562\",\n \"CVE-2016-5497\",\n \"CVE-2016-5498\",\n \"CVE-2016-5499\",\n \"CVE-2016-5505\",\n \"CVE-2016-5516\",\n \"CVE-2016-5555\",\n \"CVE-2016-5572\"\n );\n script_bugtraq_id(\n 93613,\n 93615,\n 93620,\n 93626,\n 93629,\n 93631,\n 93634,\n 93640\n );\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (October 2016 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Database Server is missing the October 2016 Critical\nPatch Update (CPU). It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified flaw exists in the RDBMS Security and\n SQL*Plus component that allows an authenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-3562)\n\n - An unspecified flaw exists in the RDBMS Security\n component that allows a local attacker to gain elevated\n privileges. (CVE-2016-5497)\n\n - Multiple unspecified flaws exist in the RDBMS Security\n component that allow a local attacker to disclose\n sensitive information. (CVE-2016-5498, CVE-2016-5499)\n\n - An unspecified flaw exists in the RDBMS Programmable\n Interface component that allows a local attacker to\n disclose sensitive information. (CVE-2016-5505)\n\n - An unspecified flaw exists in the Kernel PDB component\n that allows a local attacker to cause a denial of\n service condition. (CVE-2016-5516)\n\n - An unspecified flaw exists in the OJVM component that\n allows an authenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5555)\n\n - An unspecified flaw exists in the Kernel PDB component\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5572)\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5555\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"oracle_rdbms_cpu_func.inc\");\n\n################################################################################\n# OCT2016\npatches = make_nested_array();\n\n# RDBMS 12.1.0.2\npatches[\"12.1.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.161018\", \"CPU\", \"24006101, 24448103\");\npatches[\"12.1.0.2\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.161018\", \"CPU\", \"24591642\");\n# RDBMS 11.2.0.4 #\npatches[\"11.2.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.161018\", \"CPU\", \"24433711, 24006111\");\npatches[\"11.2.0.4\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.161018\", \"CPU\", \"24591646\");\n\n# JVM 12.1.0.2\npatches[\"12.1.0.2\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.161018\", \"CPU\", \"24315824\");\npatches[\"12.1.0.2\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.161018\", \"CPU\", \"24591630\");\n# JVM 11.2.0.4\npatches[\"11.2.0.4\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.161018\", \"CPU\", \"24315821\");\npatches[\"11.2.0.4\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.161018\", \"CPU\", \"24591637\");\n\ncheck_oracle_database(patches:patches);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:58", "description": "The following packages have been upgraded to a newer upstream version:\nmariadb (5.5.52).\n\nSecurity Fix(es) :\n\n - It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)\n\n - A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)\n\n(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)\n\nAdditional Changes :", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : mariadb on SL7.x x86_64 (20161103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5612", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:mariadb", "p-cpe:/a:fermilab:scientific_linux:mariadb-bench", "p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo", "p-cpe:/a:fermilab:scientific_linux:mariadb-devel", "p-cpe:/a:fermilab:scientific_linux:mariadb-embedded", "p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel", "p-cpe:/a:fermilab:scientific_linux:mariadb-libs", "p-cpe:/a:fermilab:scientific_linux:mariadb-server", "p-cpe:/a:fermilab:scientific_linux:mariadb-test", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161103_MARIADB_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95847", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95847);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5612\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6662\", \"CVE-2016-6663\", \"CVE-2016-8283\");\n\n script_name(english:\"Scientific Linux Security Update : mariadb on SL7.x x86_64 (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a newer upstream version:\nmariadb (5.5.52).\n\nSecurity Fix(es) :\n\n - It was discovered that the MariaDB logging functionality\n allowed writing to MariaDB configuration files. An\n administrative database user, or a database user with\n FILE privileges, could possibly use this flaw to run\n arbitrary commands with root privileges on the system\n running the database server. (CVE-2016-6662)\n\n - A race condition was found in the way MariaDB performed\n MyISAM engine table repair. A database user with shell\n access to the server running mysqld could use this flaw\n to change permissions of arbitrary files writable by the\n mysql system user. (CVE-2016-6663)\n\n(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624,\nCVE-2016-5626, CVE-2016-5629, CVE-2016-8283)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=6698\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e8e666d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-debuginfo-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.52-1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:15", "description": "The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306)\n\n - A flaw exists in the GOST ciphersuites due to the use of long-term keys to establish an encrypted connection. A man-in-the-middle attacker can exploit this, via a Key Compromise Impersonation (KCI) attack, to impersonate the server.\n\n - A denial of service vulnerability exists in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052)", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory21.asc (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-7052"], "modified": "2023-04-21T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY21.NASL", "href": "https://www.tenable.com/plugins/nessus/95255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95255);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\",\n \"CVE-2016-7052\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92982,\n 92984,\n 92987,\n 93150,\n 93153,\n 93171\n );\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory21.asc (SWEET32)\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nthe following vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c,\n ssl_sess.c, and t1_lib.c due to improper use of pointer\n arithmetic for heap-buffer boundary checks. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n dsa_sign_setup() function in dsa_ossl.c due to a failure\n to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS\n implementation due to a failure to properly restrict the\n lifetime of queue entries associated with unused\n out-of-order messages. An unauthenticated, remote\n attacker can exploit this, by maintaining multiple\n crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public\n Key Infrastructure Time-Stamp Protocol (TSP)\n implementation. An unauthenticated, remote attacker can\n exploit this, via a crafted time-stamp file that is\n mishandled by the 'openssl ts' command, to cause \n denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the\n Anti-Replay feature in the DTLS implementation due to\n improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this,\n via spoofed DTLS records, to cause legitimate packets to\n be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function\n in bn_print.c due to improper validation of\n user-supplied input when handling BIGNUM values. An\n unauthenticated, remote attacker can exploit this to\n crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES\n and Blowfish algorithms due to the use of weak 64-bit\n block ciphers by default. A man-in-the-middle attacker\n who has sufficient resources can exploit this\n vulnerability, via a 'birthday' attack, to detect a\n collision that leaks the XOR between the fixed secret\n and a known plaintext, allowing the disclosure of the\n secret text, such as secure HTTPS cookies, and possibly\n resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - A flaw exists in the tls_decrypt_ticket() function in\n t1_lib.c due to improper handling of ticket HMAC\n digests. An unauthenticated, remote attacker can exploit\n this, via a ticket that is too short, to crash the\n process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the \n MDC2_Update() function in mdc2dgst.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate\n parser that allows an unauthenticated, remote attacker\n to cause a denial of service via crafted certificate\n operations. (CVE-2016-6306)\n\n - A flaw exists in the GOST ciphersuites due to the use of\n long-term keys to establish an encrypted connection. A\n man-in-the-middle attacker can exploit this, via a Key\n Compromise Impersonation (KCI) attack, to impersonate\n the server.\n\n - A denial of service vulnerability exists in x509_vfy.c\n due to improper handling of certificate revocation lists\n (CRLs). An unauthenticated, remote attacker can exploit\n this, via a specially crafted CRL, to cause a NULL \n pointer dereference, resulting in a crash of the\n service. (CVE-2016-7052)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160922.txt\");\n # https://github.com/openssl/openssl/commit/41b42807726e340538701021cdc196672330f4db\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09b29b30\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" && oslevel != \"AIX-7.2\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", oslevel);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\n#1.0.1.517\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.516\", fixpackagever:\"1.0.1.517\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.516\", fixpackagever:\"1.0.1.517\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.516\", fixpackagever:\"1.0.1.517\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"1.0.1.500\", maxpackagever:\"1.0.1.516\", fixpackagever:\"1.0.1.517\") > 0) flag++;\n\n#1.0.2.1000\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.800\", fixpackagever:\"1.0.2.1000\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.800\", fixpackagever:\"1.0.2.1000\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.800\", fixpackagever:\"1.0.2.1000\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.800\", fixpackagever:\"1.0.2.1000\") > 0) flag++;\n\n#20.13.101.500\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.13.101.499\", fixpackagever:\"20.13.101.500\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.13.101.499\", fixpackagever:\"20.13.101.500\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.13.101.499\", fixpackagever:\"20.13.101.500\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"20.11.101.500\", maxpackagever:\"20.13.101.499\", fixpackagever:\"20.13.101.500\") > 0) flag++;\n\n#20.13.102.1000\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"20.13.102.0\", maxpackagever:\"20.13.102.999\", fixpackagever:\"20.13.102.1000\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"20.13.102.0\", maxpackagever:\"20.13.102.999\", fixpackagever:\"20.13.102.1000\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"20.13.102.0\", maxpackagever:\"20.13.102.999\", fixpackagever:\"20.13.102.1000\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:\"openssl.base\", minpackagever:\"20.13.102.0\", maxpackagever:\"20.13.102.999\", fixpackagever:\"20.13.102.1000\") > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:19", "description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version:\nmariadb (5.5.52). (BZ#1304516, BZ#1377974)\n\nSecurity Fix(es) :\n\n* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)\n\n* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : mariadb (RHSA-2016:2595)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5612", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-bench", "p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-test", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2595.NASL", "href": "https://www.tenable.com/plugins/nessus/94558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2595. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94558);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5612\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6662\", \"CVE-2016-6663\", \"CVE-2016-8283\");\n script_xref(name:\"RHSA\", value:\"2016:2595\");\n\n script_name(english:\"RHEL 7 : mariadb (RHSA-2016:2595)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version:\nmariadb (5.5.52). (BZ#1304516, BZ#1377974)\n\nSecurity Fix(es) :\n\n* It was discovered that the MariaDB logging functionality allowed\nwriting to MariaDB configuration files. An administrative database\nuser, or a database user with FILE privileges, could possibly use this\nflaw to run arbitrary commands with root privileges on the system\nrunning the database server. (CVE-2016-6662)\n\n* A race condition was found in the way MariaDB performed MyISAM\nengine table repair. A database user with shell access to the server\nrunning mysqld could use this flaw to change permissions of arbitrary\nfiles writable by the mysql system user. (CVE-2016-6663)\n\n* This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624,\nCVE-2016-5626, CVE-2016-5629, CVE-2016-8283)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8283\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2595\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-bench-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-debuginfo-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-devel-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-embedded-devel-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"mariadb-libs-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-server-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mariadb-test-5.5.52-1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.52-1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:54", "description": "An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version:\nmariadb (5.5.52). (BZ#1304516, BZ#1377974)\n\nSecurity Fix(es) :\n\n* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)\n\n* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : mariadb (CESA-2016:2595)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5612", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mariadb", "p-cpe:/a:centos:centos:mariadb-bench", "p-cpe:/a:centos:centos:mariadb-devel", "p-cpe:/a:centos:centos:mariadb-embedded", "p-cpe:/a:centos:centos:mariadb-embedded-devel", "p-cpe:/a:centos:centos:mariadb-libs", "p-cpe:/a:centos:centos:mariadb-server", "p-cpe:/a:centos:centos:mariadb-test", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2595.NASL", "href": "https://www.tenable.com/plugins/nessus/95341", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2595 and \n# CentOS Errata and Security Advisory 2016:2595 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95341);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5612\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6662\", \"CVE-2016-6663\", \"CVE-2016-8283\");\n script_xref(name:\"RHSA\", value:\"2016:2595\");\n\n script_name(english:\"CentOS 7 : mariadb (CESA-2016:2595)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version:\nmariadb (5.5.52). (BZ#1304516, BZ#1377974)\n\nSecurity Fix(es) :\n\n* It was discovered that the MariaDB logging functionality allowed\nwriting to MariaDB configuration files. An administrative database\nuser, or a database user with FILE privileges, could possibly use this\nflaw to run arbitrary commands with root privileges on the system\nrunning the database server. (CVE-2016-6662)\n\n* A race condition was found in the way MariaDB performed MyISAM\nengine table repair. A database user with shell access to the server\nrunning mysqld could use this flaw to change permissions of arbitrary\nfiles writable by the mysql system user. (CVE-2016-6663)\n\n* This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624,\nCVE-2016-5626, CVE-2016-5629, CVE-2016-8283)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003624.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6aeacd81\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6662\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.52-1.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:47", "description": "From Red Hat Security Advisory 2016:2595 :\n\nAn update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version:\nmariadb (5.5.52). (BZ#1304516, BZ#1377974)\n\nSecurity Fix(es) :\n\n* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)\n\n* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)\n\n* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : mariadb (ELSA-2016-2595)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5612", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-8283"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mariadb", "p-cpe:/a:oracle:linux:mariadb-bench", "p-cpe:/a:oracle:linux:mariadb-devel", "p-cpe:/a:oracle:linux:mariadb-embedded", "p-cpe:/a:oracle:linux:mariadb-embedded-devel", "p-cpe:/a:oracle:linux:mariadb-libs", "p-cpe:/a:oracle:linux:mariadb-server", "p-cpe:/a:oracle:linux:mariadb-test", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2595.NASL", "href": "https://www.tenable.com/plugins/nessus/94715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2595 and \n# Oracle Linux Security Advisory ELSA-2016-2595 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94715);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-3492\", \"CVE-2016-5612\", \"CVE-2016-5616\", \"CVE-2016-5624\", \"CVE-2016-5626\", \"CVE-2016-5629\", \"CVE-2016-6662\", \"CVE-2016-6663\", \"CVE-2016-8283\");\n script_xref(name:\"RHSA\", value:\"2016:2595\");\n\n script_name(english:\"Oracle Linux 7 : mariadb (ELSA-2016-2595)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2595 :\n\nAn update for mariadb is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is\nbinary compatible with MySQL.\n\nThe following packages have been upgraded to a newer upstream version:\nmariadb (5.5.52). (BZ#1304516, BZ#1377974)\n\nSecurity Fix(es) :\n\n* It was discovered that the MariaDB logging functionality allowed\nwriting to MariaDB configuration files. An administrative database\nuser, or a database user with FILE privileges, could possibly use this\nflaw to run arbitrary commands with root privileges on the system\nrunning the database server. (CVE-2016-6662)\n\n* A race condition was found in the way MariaDB performed MyISAM\nengine table repair. A database user with shell access to the server\nrunning mysqld could use this flaw to change permissions of arbitrary\nfiles writable by the mysql system user. (CVE-2016-6663)\n\n* This update fixes several vulnerabilities in the MariaDB database\nserver. Information about these flaws can be found on the Oracle\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624,\nCVE-2016-5626, CVE-2016-5629, CVE-2016-8283)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006480.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mariadb-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-bench-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-devel-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-embedded-devel-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-libs-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-server-5.5.52-1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mariadb-test-5.5.52-1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:00", "description": "This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High\n\n - OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low\n\n - Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)\n\n - Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)\n\n - DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)\n\n - OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)\n\n - DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)\n\n - OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)\n\n - Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359)\n\n - Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)\n\n - OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)\n\n - Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on:\n https://www.openssl.org/news/secadv/20160922.txt Also following bugs were fixed :\n\n - update expired S/MIME certs (bsc#979475)\n\n - improve s390x performance (bsc#982745)\n\n - allow >= 64GB AESGCM transfers (bsc#988591)\n\n - fix crash in print_notice (bsc#998190)\n\n - resume reading from /dev/urandom when interrupted by a signal (bsc#995075)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2394-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2394-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93765);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues: OpenSSL Security\nAdvisory [22 Sep 2016] (bsc#999665) Severity: High\n\n - OCSP Status Request extension unbounded memory growth\n (CVE-2016-6304) (bsc#999666) Severity: Low\n\n - Pointer arithmetic undefined behaviour (CVE-2016-2177)\n (bsc#982575)\n\n - Constant time flag not preserved in DSA signing\n (CVE-2016-2178) (bsc#983249)\n\n - DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)\n\n - OOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n (bsc#990419)\n\n - DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)\n\n - OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)\n\n - Birthday attack against 64-bit block ciphers (SWEET32)\n (CVE-2016-2183) (bsc#995359)\n\n - Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)\n\n - OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)\n\n - Certificate message OOB reads (CVE-2016-6306)\n (bsc#999668) More information can be found on:\n https://www.openssl.org/news/secadv/20160922.txt Also\n following bugs were fixed :\n\n - update expired S/MIME certs (bsc#979475)\n\n - improve s390x performance (bsc#982745)\n\n - allow >= 64GB AESGCM transfers (bsc#988591)\n\n - fix crash in print_notice (bsc#998190)\n\n - resume reading from /dev/urandom when interrupted by a\n signal (bsc#995075)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160922.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2177/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2178/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2179/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2180/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2181/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2182/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2183/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6302/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6303/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6304/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6306/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162394-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1dd7ca19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1393=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1393=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1393=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debuginfo-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debugsource-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-32bit-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-52.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-52.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:39", "description": "Several vulnerabilities were discovered in OpenSSL :\n\nCVE-2016-2177\n\nGuido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithme tic/\n\nCVE-2016-2178\n\nCesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code.\n\nCVE-2016-2179 / CVE-2016-2181\n\nQuan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS.\n\nCVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303\n\nShi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec() and MDC2_Update().\n\nCVE-2016-2183\n\nDES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack.\n\nCVE-2016-6302\n\nShi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service.\n\nCVE-2016-6304\n\nShi Lei discovered that excessively large OCSP status request may result in denial of service via memory exhaustion.\n\nCVE-2016-6306\n\nShi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.0.1t-1+deb7u1.\n\nWe recommend that you upgrade your openssl and libssl1.0.0 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-26T00:00:00", "type": "nessus", "title": "Debian DLA-637-1 : openssl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "p-cpe:/a:debian:debian_linux:libssl1.0.0", "p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-637.NASL", "href": "https://www.tenable.com/plugins/nessus/93690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-637-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93690);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\");\n\n script_name(english:\"Debian DLA-637-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL :\n\nCVE-2016-2177\n\nGuido Vranken discovered that OpenSSL uses undefined pointer\narithmetic. Additional information can be found at\nhttps://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithme\ntic/\n\nCVE-2016-2178\n\nCesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak\nin the DSA code.\n\nCVE-2016-2179 / CVE-2016-2181\n\nQuan Luo and the OCAP audit team discovered denial of service\nvulnerabilities in DTLS.\n\nCVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303\n\nShi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio()\nand an out-of-bounds write in BN_bn2dec() and MDC2_Update().\n\nCVE-2016-2183\n\nDES-based cipher suites are demoted from the HIGH group to MEDIUM as a\nmitigation for the SWEET32 attack.\n\nCVE-2016-6302\n\nShi Lei discovered that the use of SHA512 in TLS session tickets is\nsusceptible to denial of service.\n\nCVE-2016-6304\n\nShi Lei discovered that excessively large OCSP status request may\nresult in denial of service via memory exhaustion.\n\nCVE-2016-6306\n\nShi Lei discovered that missing message length validation when parsing\ncertificates may potentially result in denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.0.1t-1+deb7u1.\n\nWe recommend that you upgrade your openssl and libssl1.0.0 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/09/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n # https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6824788b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1t-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1t-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1t-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1t-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1t-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-22T16:00:44", "description": "According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2i. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306)\n\n - A flaw exists in the GOST ciphersuites due to the use of long-term keys to establish an encrypted connection. A man-in-the-middle attacker can exploit this, via a Key Compromise Impersonation (KCI) attack, to impersonate the server.", "cvss3": {}, "published": "2016-09-30T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2023-08-21T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2I.NASL", "href": "https://www.tenable.com/plugins/nessus/93815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93815);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/21\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92982,\n 92984,\n 92987,\n 93150,\n 93153\n );\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities (SWEET32)\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.2 prior to 1.0.2i. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Multiple integer overflow conditions exist in s3_srvr.c,\n ssl_sess.c, and t1_lib.c due to improper use of pointer\n arithmetic for heap-buffer boundary checks. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n dsa_sign_setup() function in dsa_ossl.c due to a failure\n to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS\n implementation due to a failure to properly restrict the\n lifetime of queue entries associated with unused\n out-of-order messages. An unauthenticated, remote\n attacker can exploit this, by maintaining multiple\n crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public\n Key Infrastructure Time-Stamp Protocol (TSP)\n implementation. An unauthenticated, remote attacker can\n exploit this, via a crafted time-stamp file that is\n mishandled by the 'openssl ts' command, to cause \n denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the\n Anti-Replay feature in the DTLS implementation due to\n improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this,\n via spoofed DTLS records, to cause legitimate packets to\n be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function\n in bn_print.c due to improper validation of\n user-supplied input when handling BIGNUM values. An\n unauthenticated, remote attacker can exploit this to\n crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES\n and Blowfish algorithms due to the use of weak 64-bit\n block ciphers by default. A man-in-the-middle attacker\n who has sufficient resources can exploit this\n vulnerability, via a 'birthday' attack, to detect a\n collision that leaks the XOR between the fixed secret\n and a known plaintext, allowing the disclosure of the\n secret text, such as secure HTTPS cookies, and possibly\n resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - A flaw exists in the tls_decrypt_ticket() function in\n t1_lib.c due to improper handling of ticket HMAC\n digests. An unauthenticated, remote attacker can exploit\n this, via a ticket that is too short, to crash the\n process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the \n MDC2_Update() function in mdc2dgst.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate\n parser that allows an unauthenticated, remote attacker\n to cause a denial of service via crafted certificate\n operations. (CVE-2016-6306)\n\n - A flaw exists in the GOST ciphersuites due to the use of\n long-term keys to establish an encrypted connection. A\n man-in-the-middle attacker can exploit this, via a Key\n Compromise Impersonation (KCI) attack, to impersonate\n the server.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160922.txt\");\n # https://github.com/openssl/openssl/commit/41b42807726e340538701021cdc196672330f4db\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09b29b30\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2i or later.\n\nNote that the GOST ciphersuites vulnerability is not yet fixed by the\nvendor in an official release; however, a patch for the issue has been\ncommitted to the OpenSSL github repository.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6303\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\", \"openssl_nix_installed.nbin\", \"openssl_win_installed.nbin\");\n script_require_keys(\"installed_sw/OpenSSL\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_openssl.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'OpenSSL');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [{ 'min_version' : \"1.0.2\", 'fixed_version' : '1.0.2i'}];\n\nvcf::openssl::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:23", "description": "The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the OpenSSL component in dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information. (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the OpenSSL component in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records. An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the OpenSSL component in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists in the OpenSSL component, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183)\n\n - A denial of service vulnerability exists in the Apache Commons FileUpload component due to improper handling of boundaries in content-type headers when handling file upload requests. An unauthenticated, remote attacker can exploit this to cause processes linked against the library to become unresponsive. (CVE-2016-3092)\n\n - A flaw exists in the OpenSSL component in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service. (CVE-2016-6302)\n\n - An integer overflow condition exists in the OpenSSL component in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code. (CVE-2016-6303)\n\n - A flaw exists in the OpenSSL component in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304)\n\n - A flaw exists in the OpenSSL component in the SSL_peek() function in rec_layer_s3.c due to improper handling of empty records. An unauthenticated, remote attacker can exploit this, by triggering a zero-length record in an SSL_peek call, to cause an infinite loop, resulting in a denial of service condition. (CVE-2016-6305)\n\n - An out-of-bounds read error exists in the OpenSSL component in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations.\n (CVE-2016-6306)\n\n - A denial of service vulnerability exists in the OpenSSL component in the state-machine implementation due to a failure to check for an excessive length before allocating memory. An unauthenticated, remote attacker can exploit this, via a crafted TLS message, to exhaust memory resources. (CVE-2016-6307)\n\n - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to improper handling of excessively long DTLS messages. An unauthenticated, remote attacker can exploit this, via a crafted DTLS message, to exhaust available memory resources. (CVE-2016-6308)\n\n - A remote code execution vulnerability exists in the OpenSSL component in the read_state_machine() function in statem.c due to improper handling of messages larger than 16k. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to cause a use-after-free error, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6309)\n\n - A denial of service vulnerability exists in the OpenSSL component in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service condition.\n (CVE-2016-7052)\n\n - An unspecified flaw exists in the Discovery Framework subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-3518)", "cvss3": {}, "published": "2017-04-21T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (April 2017 CPU) (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-3092", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-7052", "CVE-2017-3518"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager"], "id": "ORACLE_ENTERPRISE_MANAGER_APR_2017_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/99594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99594);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-3092\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6305\",\n \"CVE-2016-6306\",\n \"CVE-2016-6307\",\n \"CVE-2016-6308\",\n \"CVE-2016-6309\",\n \"CVE-2016-7052\",\n \"CVE-2017-3518\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 91453,\n 92117,\n 92557,\n 92628,\n 92630,\n 92982,\n 92984,\n 92987,\n 93149,\n 93150,\n 93151,\n 93152,\n 93153,\n 93171,\n 93177,\n 97720\n );\n\n script_name(english:\"Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (April 2017 CPU) (SWEET32)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Grid Control installed on\nthe remote host is missing a security patch. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist in the\n OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c\n due to improper use of pointer arithmetic for\n heap-buffer boundary checks. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n OpenSSL component in dsa_sign_setup() function in\n dsa_ossl.c due to a failure to properly ensure the use\n of constant-time operations. An unauthenticated, remote\n attacker can exploit this, via a timing side-channel\n attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the DTLS implementation due to a failure to\n properly restrict the lifetime of queue entries\n associated with unused out-of-order messages. An\n unauthenticated, remote attacker can exploit this, by\n maintaining multiple crafted DTLS sessions\n simultaneously, to exhaust memory. (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the OpenSSL\n component in the X.509 Public Key Infrastructure\n Time-Stamp Protocol (TSP) implementation. An\n unauthenticated, remote attacker can exploit this, via a\n crafted time-stamp file that is mishandled by the\n 'openssl ts' command, to cause denial of service or to\n disclose sensitive information. (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the Anti-Replay feature in the DTLS\n implementation due to improper handling of epoch\n sequence numbers in records. An unauthenticated, remote\n attacker can exploit this, via spoofed DTLS records, to\n cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the OpenSSL component in\n the BN_bn2dec() function in bn_print.c due to improper\n validation of user-supplied input when handling BIGNUM\n values. An unauthenticated, remote attacker can exploit\n this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists in the OpenSSL component, known\n as SWEET32, in the 3DES and Blowfish algorithms due to\n the use of weak 64-bit block ciphers by default. A\n man-in-the-middle attacker who has sufficient resources\n can exploit this vulnerability, via a 'birthday' attack,\n to detect a collision that leaks the XOR between the\n fixed secret and a known plaintext, allowing the\n disclosure of the secret text, such as secure HTTPS\n cookies, and possibly resulting in the hijacking of an\n authenticated session. (CVE-2016-2183)\n\n - A denial of service vulnerability exists in the Apache\n Commons FileUpload component due to improper handling of\n boundaries in content-type headers when handling file\n upload requests. An unauthenticated, remote attacker can\n exploit this to cause processes linked against the\n library to become unresponsive. (CVE-2016-3092)\n\n - A flaw exists in the OpenSSL component in the\n tls_decrypt_ticket() function in t1_lib.c due to\n improper handling of ticket HMAC digests. An\n unauthenticated, remote attacker can exploit this, via a\n ticket that is too short, to crash the process,\n resulting in a denial of service. (CVE-2016-6302)\n\n - An integer overflow condition exists in the OpenSSL\n component in the MDC2_Update() function in mdc2dgst.c\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a heap-based buffer overflow, resulting in a\n denial of service condition or possibly the execution of\n arbitrary code. (CVE-2016-6303)\n\n - A flaw exists in the OpenSSL component in the\n ssl_parse_clienthello_tlsext() function in t1_lib.c due\n to improper handling of overly large OCSP Status Request\n extensions from clients. An unauthenticated, remote\n attacker can exploit this, via large OCSP Status Request\n extensions, to exhaust memory resources, resulting in a\n denial of service condition. (CVE-2016-6304)\n\n - A flaw exists in the OpenSSL component in the SSL_peek()\n function in rec_layer_s3.c due to improper handling of\n empty records. An unauthenticated, remote attacker can\n exploit this, by triggering a zero-length record in an\n SSL_peek call, to cause an infinite loop, resulting in a\n denial of service condition. (CVE-2016-6305)\n\n - An out-of-bounds read error exists in the OpenSSL\n component in the certificate parser that allows an\n unauthenticated, remote attacker to cause a denial of\n service via crafted certificate operations.\n (CVE-2016-6306)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the state-machine implementation due to a\n failure to check for an excessive length before\n allocating memory. An unauthenticated, remote attacker\n can exploit this, via a crafted TLS message, to exhaust\n memory resources. (CVE-2016-6307)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the DTLS implementation due to improper\n handling of excessively long DTLS messages. An\n unauthenticated, remote attacker can exploit this, via a\n crafted DTLS message, to exhaust available memory\n resources. (CVE-2016-6308)\n\n - A remote code execution vulnerability exists in the\n OpenSSL component in the read_state_machine() function\n in statem.c due to improper handling of messages larger\n than 16k. An unauthenticated, remote attacker can\n exploit this, via a specially crafted message, to cause\n a use-after-free error, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6309)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in x509_vfy.c due to improper handling of\n certificate revocation lists (CRLs). An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted CRL, to cause a NULL pointer dereference,\n resulting in a crash of the service condition.\n (CVE-2016-7052)\n\n - An unspecified flaw exists in the Discovery Framework\n subcomponent that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-3518)\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixEM\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0ed81f9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3681811.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb4db3c7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2017 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"install_func.inc\");\n\nproduct = \"Oracle Enterprise Manager Cloud Control\";\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nemchome = install['path'];\n\npatchid = NULL;\nmissing = NULL;\nfix = NULL;\npatched = FALSE;\n\nif (version =~ \"^13\\.2\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"25387277\";\n fix = \"13.2.0.0.170418\";\n}\nelse if (version =~ \"^13\\.1\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"25387198\";\n fix = \"13.1.0.0.170418\";\n}\nelse if (version =~ \"^12\\.1\\.0\\.5(\\.[0-9]+)?$\")\n{\n patchid = \"25387190\";\n fix = \"12.1.0.5.170418\";\n}\n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);\n\n# Now look for the affected components\npatchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));\nif (isnull(patchesinstalled))\n missing = patchid;\nelse\n{\n foreach applied (keys(patchesinstalled[emchome]))\n {\n if (applied == patchid)\n {\n patched = TRUE;\n break;\n }\n else\n {\n foreach bugid (patchesinstalled[emchome][applied]['bugs'])\n {\n if (bugid == patchid)\n {\n patched = TRUE;\n break;\n }\n }\n if (patched) break;\n }\n }\n if (!patched)\n missing = patchid;\n}\n\nif (empty_or_null(missing))\n audit(AUDIT_HOST_NOT, 'affected');\n\norder = make_list('Product', 'Version', \"Missing patch\");\nreport = make_array(\n order[0], product,\n order[1], version,\n order[2], patchid\n);\nreport = report_items_str(report_items:report, ordered_fields:order);\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:47", "description": "Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service.\n(CVE-2016-6304)\n\nGuido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2177)\n\nCesar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. (CVE-2016-2179)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2180)\n\nIt was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division results. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. A remote attacker could use this issue to cause a denial of service. (CVE-2016-6302)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message length checks. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6306).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-23T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : openssl vulnerabilities (USN-3087-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3087-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3087-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93684);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\");\n script_xref(name:\"USN\", value:\"3087-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : openssl vulnerabilities (USN-3087-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status\nRequest extension. A remote attacker could possibly use this issue to\ncause memory consumption, resulting in a denial of service.\n(CVE-2016-6304)\n\nGuido Vranken discovered that OpenSSL used undefined behaviour when\nperforming pointer arithmetic. A remote attacker could possibly use\nthis issue to cause OpenSSL to crash, resulting in a denial of\nservice. This issue has only been addressed in Ubuntu 16.04 LTS in\nthis update. (CVE-2016-2177)\n\nCesar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL\ndid not properly use constant-time operations when performing DSA\nsigning. A remote attacker could possibly use this issue to perform a\ncache-timing attack and recover private DSA keys. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the\nlifetime of queue entries in the DTLS implementation. A remote\nattacker could possibly use this issue to consume memory, resulting in\na denial of service. (CVE-2016-2179)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the\nTS_OBJ_print_bio() function. A remote attacker could possibly use this\nissue to cause a denial of service. (CVE-2016-2180)\n\nIt was discovered that the OpenSSL incorrectly handled the DTLS\nanti-replay feature. A remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division\nresults. A remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and\nTriple DES ciphers were vulnerable to birthday attacks. A remote\nattacker could possibly use this flaw to obtain clear text data from\nlong encrypted sessions. This update moves DES from the HIGH cipher\nlist to MEDIUM. (CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket\nlengths. A remote attacker could use this issue to cause a denial of\nservice. (CVE-2016-6302)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the\nMDC2_Update() function. A remote attacker could possibly use this\nissue to cause a denial of service. (CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message\nlength checks. A remote attacker could possibly use this issue to\ncause a denial of service. (CVE-2016-6306).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3087-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.37\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:59", "description": "Several vulnerabilities were discovered in OpenSSL :\n\n - CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-p ointer-arithmetic/\n\n - CVE-2016-2178 Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code.\n\n - CVE-2016-2179 / CVE-2016-2181 Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS.\n\n - CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303 Shi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec() and MDC2_Update().\n\n - CVE-2016-2183 DES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack.\n\n - CVE-2016-6302 Shi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service.\n\n - CVE-2016-6304 Shi Lei discovered that excessively large OCSP status request may result in denial of service via memory exhaustion.\n\n - CVE-2016-6306 Shi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service.", "cvss3": {}, "published": "2016-09-23T00:00:00", "type": "nessus", "title": "Debian DSA-3673-1 : openssl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3673.NASL", "href": "https://www.tenable.com/plugins/nessus/93668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3673. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93668);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\");\n script_xref(name:\"DSA\", value:\"3673\");\n\n script_name(english:\"Debian DSA-3673-1 : openssl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL :\n\n - CVE-2016-2177\n Guido Vranken discovered that OpenSSL uses undefined\n pointer arithmetic. Additional information can be found\n at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-p\n ointer-arithmetic/\n\n - CVE-2016-2178\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered\n a timing leak in the DSA code.\n\n - CVE-2016-2179 / CVE-2016-2181\n Quan Luo and the OCAP audit team discovered denial of\n service vulnerabilities in DTLS.\n\n - CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303\n Shi Lei discovered an out-of-bounds memory read in\n TS_OBJ_print_bio() and an out-of-bounds write in\n BN_bn2dec() and MDC2_Update().\n\n - CVE-2016-2183\n DES-based cipher suites are demoted from the HIGH group\n to MEDIUM as a mitigation for the SWEET32 attack.\n\n - CVE-2016-6302\n Shi Lei discovered that the use of SHA512 in TLS session\n tickets is susceptible to denial of service.\n\n - CVE-2016-6304\n Shi Lei discovered that excessively large OCSP status\n request may result in denial of service via memory\n exhaustion.\n\n - CVE-2016-6306\n Shi Lei discovered that missing message length\n validation when parsing certificates may potentially\n result in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2177\"\n );\n # https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6824788b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3673\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.0.1t-1+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1t-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1t-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1t-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1t-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1t-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1t-1+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:30", "description": "USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nShi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service.\n(CVE-2016-6304)\n\nGuido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update.\n(CVE-2016-2177)\n\nCesar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. (CVE-2016-2179)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. A remote attacker could possibly use this issue to cause a denial of service.\n(CVE-2016-2180)\n\nIt was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division results. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks.\nA remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves DES from the HIGH cipher list to MEDIUM.\n(CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. A remote attacker could use this issue to cause a denial of service. (CVE-2016-6302)\n\nShi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. A remote attacker could possibly use this issue to cause a denial of service.\n(CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message length checks. A remote attacker could possibly use this issue to cause a denial of service.\n(CVE-2016-6306).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-26T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : openssl regression (USN-3087-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3087-2.NASL", "href": "https://www.tenable.com/plugins/nessus/93715", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3087-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93715);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\");\n script_xref(name:\"USN\", value:\"3087-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : openssl regression (USN-3087-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182\nwas incomplete and caused a regression when parsing certificates. This\nupdate fixes the problem.\n\nWe apologize for the inconvenience.\n\nShi Lei discovered that OpenSSL incorrectly handled the OCSP Status\nRequest extension. A remote attacker could possibly use this issue to\ncause memory consumption, resulting in a denial of service.\n(CVE-2016-6304)\n\nGuido Vranken discovered that OpenSSL used undefined\nbehaviour when performing pointer arithmetic. A remote\nattacker could possibly use this issue to cause OpenSSL to\ncrash, resulting in a denial of service. This issue has only\nbeen addressed in Ubuntu 16.04 LTS in this update.\n(CVE-2016-2177)\n\nCesar Pereida, Billy Brumley, and Yuval Yarom discovered\nthat OpenSSL did not properly use constant-time operations\nwhen performing DSA signing. A remote attacker could\npossibly use this issue to perform a cache-timing attack and\nrecover private DSA keys. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict\nthe lifetime of queue entries in the DTLS implementation. A\nremote attacker could possibly use this issue to consume\nmemory, resulting in a denial of service. (CVE-2016-2179)\n\nShi Lei discovered that OpenSSL incorrectly handled memory\nin the TS_OBJ_print_bio() function. A remote attacker could\npossibly use this issue to cause a denial of service.\n(CVE-2016-2180)\n\nIt was discovered that the OpenSSL incorrectly handled the\nDTLS anti-replay feature. A remote attacker could possibly\nuse this issue to cause a denial of service. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated\ndivision results. A remote attacker could possibly use this\nissue to cause a denial of service. (CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES\nand Triple DES ciphers were vulnerable to birthday attacks.\nA remote attacker could possibly use this flaw to obtain\nclear text data from long encrypted sessions. This update\nmoves DES from the HIGH cipher list to MEDIUM.\n(CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain\nticket lengths. A remote attacker could use this issue to\ncause a denial of service. (CVE-2016-6302)\n\nShi Lei discovered that OpenSSL incorrectly handled memory\nin the MDC2_Update() function. A remote attacker could\npossibly use this issue to cause a denial of service.\n(CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed\ncertain message length checks. A remote attacker could\npossibly use this issue to cause a denial of service.\n(CVE-2016-6306).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3087-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.38\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.21\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:13", "description": "The version of MariaDB running on the remote host is 10.1.x prior to 10.1.18. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5624)\n\n - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent that allows an authenticated remote attacker to cause a denial of service condition. (CVE-2016-5629)\n\n - A security bypass vulnerability exists that allows an authenticated, remote attacker to bypass file access restrictions and create the /var/lib/mysql/my.cnf file with arbitrary contents without the FILE privilege requirement. (CVE-2016-6663)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8283)\n\n - A flaw exists in the Item_field::fix_after_pullout() function within file sql/item.cc when handling a prepared statement with conversion to semi-join. An authenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An assertion flaw exists in the mysql_admin_table() function within file sql/sql_admin.cc when handling the re-execution of certain ANALYZE TABLE prepared statements. An authenticated, remote attacker can exploit this to cause a denial of service condition.", "cvss3": {}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "MariaDB 10.1.x < 10.1.18 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-6664", "CVE-2016-8283"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_1_18.NASL", "href": "https://www.tenable.com/plugins/nessus/95632", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95632);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5616\",\n \"CVE-2016-5624\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6663\",\n \"CVE-2016-8283\"\n );\n script_bugtraq_id(\n 92911,\n 93614,\n 93635,\n 93638,\n 93650,\n 93668,\n 93737\n );\n\n script_name(english:\"MariaDB 10.1.x < 10.1.18 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is 10.1.x prior to\n10.1.18. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5624)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A security bypass vulnerability exists that allows an\n authenticated, remote attacker to bypass file access\n restrictions and create the /var/lib/mysql/my.cnf file\n with arbitrary contents without the FILE privilege\n requirement. (CVE-2016-6663)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-8283)\n\n - A flaw exists in the Item_field::fix_after_pullout()\n function within file sql/item.cc when handling a\n prepared statement with conversion to semi-join. An\n authenticated, remote attacker can exploit this to cause\n a denial of service condition.\n\n - An assertion flaw exists in the mysql_admin_table()\n function within file sql/sql_admin.cc when handling\n the re-execution of certain ANALYZE TABLE prepared\n statements. An authenticated, remote attacker can\n exploit this to cause a denial of service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-10118-changelog/\");\n # https://mariadb.com/resources/blog/update-on-security-vulnerabilities-cve-2016-6663-and-cve-2016-6664-related-to-mariadb-server/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fefde198\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.1.18 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:'10.1.18-MariaDB', min:'10.1', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:53", "description": "The version of MariaDB running on the remote host is 5.5.x prior to 5.5.52. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5624)\n\n - An unspecified flaw exists in the GIS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent that allows an authenticated remote attacker to cause a denial of service condition. (CVE-2016-5629)\n\n - A security bypass vulnerability exists that allows an authenticated, remote attacker to bypass file access restrictions and create the /var/lib/mysql/my.cnf file with arbitrary contents without the FILE privilege requirement. (CVE-2016-6663)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8283)\n\n - A flaw exists in the Item_field::fix_after_pullout() function within file sql/item.cc when handling a prepared statement with conversion to semi-join. An authenticated, remote attacker can exploit this to cause a denial of service condition.\n\n - An assertion flaw exists in the mysql_admin_table() function within file sql/sql_admin.cc when handling the re-execution of certain ANALYZE TABLE prepared statements. An authenticated, remote attacker can exploit this to cause a denial of service condition.", "cvss3": {}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "MariaDB 5.5.x < 5.5.52 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3492", "CVE-2016-5616", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-6664", "CVE-2016-8283"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_5_5_52.NASL", "href": "https://www.tenable.com/plugins/nessus/95633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95633);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2016-3492\",\n \"CVE-2016-5616\",\n \"CVE-2016-5624\",\n \"CVE-2016-5626\",\n \"CVE-2016-5629\",\n \"CVE-2016-6663\",\n \"CVE-2016-8283\"\n );\n script_bugtraq_id(\n 92911,\n 93614,\n 93635,\n 93638,\n 93650,\n 93668,\n 93737\n );\n\n script_name(english:\"MariaDB 5.5.x < 5.5.52 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is 5.5.x prior to\n5.5.52. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3492)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-5616)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5624)\n\n - An unspecified flaw exists in the GIS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5626)\n\n - An unspecified flaw exists in the Federated subcomponent\n that allows an authenticated remote attacker to cause a\n denial of service condition. (CVE-2016-5629)\n\n - A security bypass vulnerability exists that allows an\n authenticated, remote attacker to bypass file access\n restrictions and create the /var/lib/mysql/my.cnf file\n with arbitrary contents without the FILE privilege\n requirement. (CVE-2016-6663)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-8283)\n\n - A flaw exists in the Item_field::fix_after_pullout()\n function within file sql/item.cc when handling a\n prepared statement with conversion to semi-join. An\n authenticated, remote attacker can exploit this to cause\n a denial of service condition.\n\n - An assertion flaw exists in the mysql_admin_table()\n function within file sql/sql_admin.cc when handling\n the re-execution of certain ANALYZE TABLE prepared\n statements. An authenticated, remote attacker can\n exploit this to cause a denial of service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-5552-changelog/\");\n # https://mariadb.com/resources/blog/update-on-security-vulnerabilities-cve-2016-6663-and-cve-2016-6664-related-to-mariadb-server/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fefde198\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 5.5.52 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:'5.5.52-MariaDB', min:'5.5', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:20", "description": "The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL :\n\n - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306)\n\n - A flaw exists in the GOST ciphersuites due to the use of long-term keys to establish an encrypted connection. A man-in-the-middle attacker can exploit this, via a Key Compromise Impersonation (KCI) attack, to impersonate the server.", "cvss3": {}, "published": "2017-06-26T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_OPENSSL_1_0_1U.NASL", "href": "https://www.tenable.com/plugins/nessus/101045", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101045);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6306\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92982,\n 92984,\n 92987,\n 93150,\n 93153\n );\n\n script_name(english:\"Tenable SecurityCenter OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities (SWEET32)\");\n script_summary(english:\"Checks the version of OpenSSL in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Tenable SecurityCenter application on the remote host contains an\nOpenSSL library that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of OpenSSL :\n\n - Multiple integer overflow conditions exist in s3_srvr.c,\n ssl_sess.c, and t1_lib.c due to improper use of pointer\n arithmetic for heap-buffer boundary checks. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n dsa_sign_setup() function in dsa_ossl.c due to a failure\n to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the DTLS\n implementation due to a failure to properly restrict the\n lifetime of queue entries associated with unused\n out-of-order messages. An unauthenticated, remote\n attacker can exploit this, by maintaining multiple\n crafted DTLS sessions simultaneously, to exhaust memory.\n (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the X.509 Public\n Key Infrastructure Time-Stamp Protocol (TSP)\n implementation. An unauthenticated, remote attacker can\n exploit this, via a crafted time-stamp file that is\n mishandled by the 'openssl ts' command, to cause \n denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the\n Anti-Replay feature in the DTLS implementation due to\n improper handling of epoch sequence numbers in records.\n An unauthenticated, remote attacker can exploit this,\n via spoofed DTLS records, to cause legitimate packets to\n be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the BN_bn2dec() function\n in bn_print.c due to improper validation of\n user-supplied input when handling BIGNUM values. An\n unauthenticated, remote attacker can exploit this to\n crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES\n and Blowfish algorithms due to the use of weak 64-bit\n block ciphers by default. A man-in-the-middle attacker\n who has sufficient resources can exploit this\n vulnerability, via a 'birthday' attack, to detect a\n collision that leaks the XOR between the fixed secret\n and a known plaintext, allowing the disclosure of the\n secret text, such as secure HTTPS cookies, and possibly\n resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - A flaw exists in the tls_decrypt_ticket() function in\n t1_lib.c due to improper handling of ticket HMAC\n digests. An unauthenticated, remote attacker can exploit\n this, via a ticket that is too short, to crash the\n process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the \n MDC2_Update() function in mdc2dgst.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - An out-of-bounds read error exists in the certificate\n parser that allows an unauthenticated, remote attacker\n to cause a denial of service via crafted certificate\n operations. (CVE-2016-6306)\n\n - A flaw exists in the GOST ciphersuites due to the use of\n long-term keys to establish an encrypted connection. A\n man-in-the-middle attacker can exploit this, via a Key\n Compromise Impersonation (KCI) attack, to impersonate\n the server.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://static.tenable.com/prod_docs/upgrade_security_center.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160922.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.4.1 or later.\nAlternatively, contact the vendor for a patch.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/SecurityCenter/support/openssl/version\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\ninclude(\"install_func.inc\");\n\napp = \"OpenSSL (within SecurityCenter)\";\nfix = \"1.0.1u\";\n\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, \"SecurityCenter\");\n\nversion = get_kb_item(\"Host/SecurityCenter/support/openssl/version\");\nif (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);\n\nif (\n openssl_ver_cmp(ver:version, fix:\"1.0.1\", same_branch:TRUE, is_min_check:FALSE) >= 0 &&\n openssl_ver_cmp(ver:version, fix:fix, same_branch:TRUE, is_min_check:FALSE) < 0\n)\n{\n report =\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter OpenSSL version : ' + version +\n '\\n Fixed OpenSSL version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:30", "description": "This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High\n\n - OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low\n\n - Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)\n\n - Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)\n\n - DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)\n\n - OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)\n\n - DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)\n\n - OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)\n\n - Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359)\n\n - Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)\n\n - OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)\n\n - Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on:\n https://www.openssl.org/news/secadv/20160922.txt Also following bugs were fixed :\n\n - update expired S/MIME certs (bsc#979475)\n\n - improve s390x performance (bsc#982745)\n\n - allow >= 64GB AESGCM transfers (bsc#988591)\n\n - fix crash in print_notice (bsc#998190)\n\n - resume reading from /dev/urandom when interrupted by a signal (bsc#995075)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6306"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2387-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93734", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2387-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93734);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-2179\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-2182\", \"CVE-2016-2183\", \"CVE-2016-6302\", \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-6306\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script
Oracle Critical Patch Update - October 2016
