CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
EPSS
Percentile
88.2%
Update to MySQL 5.5.20, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html as well as security fixes described at http://www.oracle.com/technetwork/topics/security/cpujan 2012-366304.html
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2012-0972.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(57865);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2011-2262", "CVE-2012-0075", "CVE-2012-0112", "CVE-2012-0113", "CVE-2012-0114", "CVE-2012-0115", "CVE-2012-0116", "CVE-2012-0117", "CVE-2012-0118", "CVE-2012-0119", "CVE-2012-0120", "CVE-2012-0484", "CVE-2012-0485", "CVE-2012-0486", "CVE-2012-0487", "CVE-2012-0488", "CVE-2012-0489", "CVE-2012-0490", "CVE-2012-0491", "CVE-2012-0492", "CVE-2012-0493", "CVE-2012-0494", "CVE-2012-0495", "CVE-2012-0496");
script_bugtraq_id(51488, 51493, 51503, 51504, 51506, 51507, 51508, 51510, 51511, 51513, 51514, 51515, 51516, 51517, 51518, 51519, 51520, 51521, 51522, 51523, 51524, 51525, 51526);
script_xref(name:"FEDORA", value:"2012-0972");
script_name(english:"Fedora 16 : mysql-5.5.20-1.fc16 (2012-0972)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - Update to MySQL 5.5.20, for various fixes described at
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html
as well as security fixes described at
http://www.oracle.com/technetwork/topics/security/cpujan
2012-366304.html
- Re-include the mysqld logrotate script, now that it's
not so bogus
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# http://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html
script_set_attribute(
attribute:"see_also",
value:"https://dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html"
);
# http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?11da589e"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783793"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783794"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783799"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783800"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783801"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783802"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783803"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783804"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783805"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783806"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783807"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783808"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783809"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783810"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783812"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783813"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783814"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783815"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783816"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783817"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783818"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783819"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783820"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=783821"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2012-February/072907.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?11bbe4c3"
);
script_set_attribute(attribute:"solution", value:"Update the affected mysql package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/09");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC16", reference:"mysql-5.5.20-1.fc16")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2262
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0488
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0489
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0491
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0492
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0493
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0494
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0496
www.nessus.org/u?11bbe4c3
www.nessus.org/u?11da589e
bugzilla.redhat.com/show_bug.cgi?id=783793
bugzilla.redhat.com/show_bug.cgi?id=783794
bugzilla.redhat.com/show_bug.cgi?id=783799
bugzilla.redhat.com/show_bug.cgi?id=783800
bugzilla.redhat.com/show_bug.cgi?id=783801
bugzilla.redhat.com/show_bug.cgi?id=783802
bugzilla.redhat.com/show_bug.cgi?id=783803
bugzilla.redhat.com/show_bug.cgi?id=783804
bugzilla.redhat.com/show_bug.cgi?id=783805
bugzilla.redhat.com/show_bug.cgi?id=783806
bugzilla.redhat.com/show_bug.cgi?id=783807
bugzilla.redhat.com/show_bug.cgi?id=783808
bugzilla.redhat.com/show_bug.cgi?id=783809
bugzilla.redhat.com/show_bug.cgi?id=783810
bugzilla.redhat.com/show_bug.cgi?id=783812
bugzilla.redhat.com/show_bug.cgi?id=783813
bugzilla.redhat.com/show_bug.cgi?id=783814
bugzilla.redhat.com/show_bug.cgi?id=783815
bugzilla.redhat.com/show_bug.cgi?id=783816
bugzilla.redhat.com/show_bug.cgi?id=783817
bugzilla.redhat.com/show_bug.cgi?id=783818
bugzilla.redhat.com/show_bug.cgi?id=783819
bugzilla.redhat.com/show_bug.cgi?id=783820
bugzilla.redhat.com/show_bug.cgi?id=783821
dev.mysql.com/doc/refman/5.5/en/news-5-5-20.html