Lucene search
This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_5_58_RPM.NASLHistoryOct 19, 2017 - 12:00 a.m.
MySQL 5.5.x < 5.5.58 Multiple Vulnerabilities (RPM Check) (October 2017 CPU)
2017-10-1900:00:00
This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
236
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
68.1%
The version of MySQL running on the remote host is 5.5.x prior to 5.5.58. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(103965);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03");
script_cve_id(
"CVE-2017-10268",
"CVE-2017-10378",
"CVE-2017-10379",
"CVE-2017-10384"
);
script_bugtraq_id(
101375,
101390,
101406,
101415
);
script_name(english:"MySQL 5.5.x < 5.5.58 Multiple Vulnerabilities (RPM Check) (October 2017 CPU)");
script_summary(english:"Checks the version of MySQL server.");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.5.x prior to
5.5.58. It is, therefore, affected by multiple vulnerabilities as
noted in the October 2017 Critical Patch Update advisory. Please
consult the CVRF details for the applicable CVEs for additional
information.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html");
# http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e07fa0e");
script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2307762.1");
# https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3937099.xml
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e9f2a38");
script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.5.58 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10379");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/17");
script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19");
script_set_attribute(attribute:"agent", value:"unix");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release");
exit(0);
}
include("mysql_version.inc");
fix_version = "5.5.58";
exists_version = "5.5";
mysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | mysql | cpe:/a:oracle:mysql | |
| amazon | linux | mysql | p-cpe:/a:amazon:linux:mysql |
| centos | centos | mysql | p-cpe:/a:centos:centos:mysql |
| fedoraproject | fedora | mysql | p-cpe:/a:fedoraproject:fedora:mysql |
| fermilab | scientific_linux | mysql | p-cpe:/a:fermilab:scientific_linux:mysql |
| novell | opensuse | mysql | p-cpe:/a:novell:opensuse:mysql |
| novell | suse_linux | mysql | p-cpe:/a:novell:suse_linux:mysql |
| oracle | linux | mysql | p-cpe:/a:oracle:linux:mysql |
| redhat | enterprise_linux | mysql | p-cpe:/a:redhat:enterprise_linux:mysql |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10384
www.nessus.org/u?1e07fa0e
www.nessus.org/u?8e9f2a38
dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html
support.oracle.com/rs?type=doc&id=2307762.1
Related
osv
osv
mysql-5.5 - security update
2017-10-19 00:00:00
mysql-5.5 - security update
2017-10-19 00:00:00
CVE-2017-10384
2017-10-19 17:29:05
nessus
nessus
SUSE SLES11 Security Update : mysql (SUSE-SU-2017:2996-1)
2017-11-13 00:00:00
Debian DSA-4002-1 : mysql-5.5 - security update
2017-10-20 00:00:00
Amazon Linux AMI : mysql55 (ALAS-2017-927)
2017-12-07 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1141-1)
2018-02-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2996-1)
2021-06-09 00:00:00
Debian: Security Advisory (DSA-4002-1)
2017-10-18 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2017-10-30 00:00:00
MySQL vulnerabilities
2017-10-23 00:00:00
suse
suse
Security update for mysql (important)
2017-11-11 00:07:25
Security update for mysql-community-server (important)
2017-10-27 18:28:48
Security update for mariadb (important)
2018-03-15 21:07:44
amazon
amazon
Medium: mysql55
2017-12-05 21:54:00
Important: mysql56, mysql57
2017-12-05 21:50:00
Medium: mariadb
2018-09-12 22:57:00
debian
debian
[SECURITY] [DSA 4002-1] mysql-5.5 security update
2017-10-19 17:20:45
[SECURITY] [DSA 4002-1] mysql-5.5 security update
2017-10-19 17:20:45
[SECURITY] [DLA 1141-1] mysql-5.5 security update
2017-10-19 18:15:56
slackware
slackware
[slackware-security] mariadb
2017-11-03 06:23:58
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2017-12-21 21:18:18
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.29-alt1
2017-12-06 00:00:00
f5
f5
fedora
fedora
[SECURITY] Fedora 25 Update: community-mysql-5.7.20-1.fc25
2017-11-06 23:33:59
[SECURITY] Fedora 27 Update: community-mysql-5.7.20-1.fc27
2017-11-11 13:51:45
[SECURITY] Fedora 26 Update: community-mysql-5.7.20-1.fc26
2017-11-06 23:35:05
redhat
redhat
(RHSA-2017:3265) Important: rh-mysql56-mysql security update
2017-11-27 18:24:50
(RHSA-2017:3442) Important: rh-mysql57-mysql security update
2017-12-12 12:52:23
redhatcve
redhatcve
ubuntucve
ubuntucve
mariadbunix
mariadbunix
cve
cve
cvelist
cvelist
alpinelinux
alpinelinux
CVE-2017-10268
2017-10-19 17:29:01
CVE-2017-10378
2017-10-19 17:29:05
prion
prion
Design/Logic Flaw
2017-10-19 17:29:00
Code injection
2017-10-19 17:29:00
Code injection
2017-10-19 17:29:00
debiancve
debiancve
CVE-2017-10268
2017-10-19 17:29:00
CVE-2017-10378
2017-10-19 17:29:00
nvd
nvd
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:51
Privilege Escalation
2019-05-02 06:37:50
Privilege Escalation
2019-05-02 06:37:51
ibm
ibm
oraclelinux
oraclelinux
mariadb security and bug fix update
2018-08-16 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2017-10-18 00:00:00
centos
centos
mariadb security update
2018-08-21 01:08:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2018-02-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
68.1%
Related for MYSQL_5_5_58_RPM.NASL