CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
93.6%
Update to 5.5.40
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-14791.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: when `description` is set, the script only declares its
# metadata (IDs, references, scoring, dependencies) and exits before any of
# the host checks further down are reached.
if (description)
{
  # --- Identity and revision ---
  script_id(79671);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # --- Vulnerability references covered by this one package update ---
  script_cve_id(
    "CVE-2012-5615", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463",
    "CVE-2014-6478", "CVE-2014-6484", "CVE-2014-6495", "CVE-2014-6505",
    "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551"
  );
  script_bugtraq_id(56766, 69732, 70455, 70462, 70486, 70489, 70496, 70510, 70516, 70517, 70532);
  script_xref(name:"FEDORA", value:"2014-14791");

  # --- Human-readable summary ---
  script_name(english:"Fedora 20 : mariadb-galera-5.5.40-2.fc20 (2014-14791)");
  script_summary(english:"Checks rpm output for the updated package.");
  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");

  # The description is a multi-line string literal; its continuation lines
  # stay at column 0 so the embedded line breaks and text are unchanged.
  # The advisory text itself only says "Update to 5.5.40"; the individual
  # issues are identified by the CVE list above and the links below.
  script_set_attribute(
    attribute:"description",
    value:
"Update to 5.5.40
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );

  # --- Upstream bug trackers, in the order given by the advisory ---
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1126271");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153461");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153462");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153466");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153467");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153485");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153489");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153491");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153493");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153494");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=882608");

  # Shortened link; the comment below records the Fedora announcement it is
  # presumably meant to resolve to.
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145119.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75fe361e");

  script_set_attribute(attribute:"solution", value:"Update the affected mariadb-galera package.");

  # --- Risk scoring ---
  # Base vector: network-reachable, low complexity, a single authentication
  # step required, partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  # Temporal vector: exploitability not defined, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # --- Classification and dates ---
  # "local" plugin type: the finding comes from data collected on the host,
  # not from probing the database service over the network.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mariadb-galera");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/03");
  script_end_attributes();

  # --- Scheduling: category, family, and what must have run first ---
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  # The same three KB items are re-checked explicitly by the check logic below.
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check: decide from knowledge-base (KB) data whether the Fedora 20 host
# has a mariadb-galera package older than the fixed build, and report it.
#
# NOTE(review): audit(), rpm_check(), rpm_report_get() and pkg_tests_get() come
# from the included audit.inc / rpm.inc, which are not shown here. The guards
# below are written as if audit() does not return — confirm against audit.inc.

# Precondition 1: local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Precondition 2: the stored release string must exist and contain "Fedora".
# `>!<` is NASL's "is not a substring of" operator.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Pull the numeric release out of the string; index 1 is the first capture group.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only release 20 is in scope. The pattern requires "20" followed by a
# non-digit or end of string, so a value such as "200" is rejected.
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
# Precondition 3: the collected RPM package list must be present in the KB.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Precondition 4: architecture must be known and be x86_64 or i386..i686;
# any other architecture is reported as not implemented rather than as clean.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
# `flag` counts package checks that came back true; there is a single check here.
flag = 0;
# NOTE(review): rpm_check() presumably compares the installed package's
# version-release against the reference build and returns true when the
# installed one is older — confirm in rpm.inc.
# NOTE(review): this appears to be a package-inventory result only. It would not
# show whether a running database process was restarted after the update, nor
# cover a MariaDB installed outside RPM — verify those separately if they matter.
if (rpm_check(release:"FC20", reference:"mariadb-galera-5.5.40-2.fc20")) flag++;
if (flag)
{
# Vulnerable: raise a warning-level finding on port 0. When report_verbosity
# (not defined in this file; presumably from global_settings.inc) is above 0,
# the text returned by rpm_report_get() is attached as extra output.
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
# Not flagged: distinguish "package was examined and is not affected" from
# "package was never found", based on what pkg_tests_get() returns.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb-galera");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551
www.nessus.org/u?75fe361e
bugzilla.redhat.com/show_bug.cgi?id=1126271
bugzilla.redhat.com/show_bug.cgi?id=1153461
bugzilla.redhat.com/show_bug.cgi?id=1153462
bugzilla.redhat.com/show_bug.cgi?id=1153466
bugzilla.redhat.com/show_bug.cgi?id=1153467
bugzilla.redhat.com/show_bug.cgi?id=1153485
bugzilla.redhat.com/show_bug.cgi?id=1153489
bugzilla.redhat.com/show_bug.cgi?id=1153491
bugzilla.redhat.com/show_bug.cgi?id=1153493
bugzilla.redhat.com/show_bug.cgi?id=1153494
bugzilla.redhat.com/show_bug.cgi?id=882608