Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-539.NASL
HistoryMay 30, 2018 - 12:00 a.m.

openSUSE Security Update : perl-DBD-mysql (openSUSE-2018-539) (BACKRONYM)

2018-05-3000:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON

This update for perl-DBD-mysql fixes the following issues :

  • CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting’s documentation has a 'your communication with the server will be encrypted' statement), which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. (bsc#1047059)

  • CVE-2017-10788: The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. (bsc#1047095)

This update was imported from the SUSE:SLE-12:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-539.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(110214);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-3152", "CVE-2017-10788", "CVE-2017-10789");

  script_name(english:"openSUSE Security Update : perl-DBD-mysql (openSUSE-2018-539) (BACKRONYM)");
  script_summary(english:"Check for the openSUSE-2018-539 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for perl-DBD-mysql fixes the following issues :

  - CVE-2017-10789: The DBD::mysql module when with
    mysql_ssl=1 setting enabled, means that SSL is optional
    (even though this setting's documentation has a \'your
    communication with the server will be encrypted\'
    statement), which could lead man-in-the-middle attackers
    to spoof servers via a cleartext-downgrade attack, a
    related issue to CVE-2015-3152. (bsc#1047059)

  - CVE-2017-10788: The DBD::mysql module through 4.043 for
    Perl allows remote attackers to cause a denial of
    service (use-after-free and application crash) or
    possibly have unspecified other impact by triggering (1)
    certain error responses from a MySQL server or (2) a
    loss of a network connection to a MySQL server. The
    use-after-free defect was introduced by relying on
    incorrect Oracle mysql_stmt_close documentation and code
    examples. (bsc#1047095)

This update was imported from the SUSE:SLE-12:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047059"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047095"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected perl-DBD-mysql packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-DBD-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-DBD-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-DBD-mysql-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/29");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"perl-DBD-mysql-4.021-18.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"perl-DBD-mysql-debuginfo-4.021-18.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"perl-DBD-mysql-debugsource-4.021-18.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-mysql / perl-DBD-mysql-debuginfo / etc");
}
VendorProductVersionCPE
novellopensuseperl-dbd-mysqlp-cpe:/a:novell:opensuse:perl-dbd-mysql
novellopensuseperl-dbd-mysql-debuginfop-cpe:/a:novell:opensuse:perl-dbd-mysql-debuginfo
novellopensuseperl-dbd-mysql-debugsourcep-cpe:/a:novell:opensuse:perl-dbd-mysql-debugsource
novellopensuse42.3cpe:/o:novell:opensuse:42.3

Related

openvas 43
debian 3
suse 5
nessus 55
nvd 4
osv 5
mageia 3
ubuntucve 4
cvelist 4
prion 4
cve 4
redhatcve 2
debiancve 2
ubuntu 1
fedora 5
f5 2
freebsd 1
mariadbunix 1
amazon 3
slackware 1
securityvulns 2
oraclelinux 1
redhat 3
centos 1
veracode 1
cloudlinux 1
rosalinux 1
openvas
openvas
openSUSE: Security Advisory for perl-DBD-mysql (openSUSE-SU-2018:1463-1)
2018-05-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1449-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-1079-1)
2018-02-06 00:00:00
debian
debian
[SECURITY] [DLA 1079-1] libdbd-mysql-perl security update
2017-08-31 11:58:27
[SECURITY] [DSA 3311-1] mariadb-10.0 security update
2015-07-20 05:25:41
[SECURITY] [DSA 3311-1] mariadb-10.0 security update
2015-07-20 05:25:41
suse
suse
Security update for perl-DBD-mysql (moderate)
2018-05-29 18:07:51
Security update for mariadb (important)
2015-07-21 16:08:23
Security update to MySQL 5.6.27 (important)
2015-12-10 12:12:21
nessus
nessus
SUSE SLES11 Security Update : perl-DBD-mysql (SUSE-SU-2018:1449-1) (BACKRONYM)
2018-05-29 00:00:00
SUSE SLES12 Security Update : perl-DBD-mysql (SUSE-SU-2018:1450-1) (BACKRONYM)
2018-05-29 00:00:00
Debian DLA-1079-1 : libdbd-mysql-perl security update
2017-09-01 00:00:00
nvd
nvd
CVE-2017-10789
2017-07-01 18:29:00
CVE-2017-10788
2017-07-01 18:29:00
CVE-2015-3152
2016-05-16 10:59:01
osv
osv
CVE-2017-10789
2017-07-01 18:29:00
libdbd-mysql-perl - security update
2017-08-30 00:00:00
libdbd-mysql-perl vulnerabilities
2022-04-01 20:31:18
mageia
mageia
Updated perl-DBD-mysql packages fix security vulnerabilities
2018-06-14 21:14:36
Updated perl-DBD-mysql packages fix security vulnerability
2018-01-03 17:22:14
Updated mariadb package fixes security vulnerabilities
2015-07-27 12:53:07
ubuntucve
ubuntucve
CVE-2017-10789
2017-07-01 00:00:00
CVE-2017-10788
2017-07-01 00:00:00
CVE-2015-3152
2016-05-16 00:00:00
cvelist
cvelist
CVE-2017-10789
2017-07-01 18:00:00
CVE-2017-10788
2017-07-01 18:00:00
CVE-2015-3152
2016-05-16 10:00:00
prion
prion
Sql injection
2017-07-01 18:29:00
Double free
2017-07-01 18:29:00
Buffer overflow
2016-05-16 10:59:00
cve
cve
CVE-2017-10789
2017-07-01 18:29:00
CVE-2017-10788
2017-07-01 18:29:00
CVE-2015-3152
2016-05-16 10:59:01
redhatcve
redhatcve
CVE-2017-10789
2017-07-04 10:49:05
CVE-2017-10788
2017-07-04 10:48:45
debiancve
debiancve
CVE-2017-10789
2017-07-01 18:29:00
CVE-2017-10788
2017-07-01 18:29:00
ubuntu
ubuntu
DBD::mysql vulnerabilities
2022-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: perl-DBD-MySQL-4.043-1.fc25
2017-07-13 19:20:20
[SECURITY] Fedora 26 Update: perl-DBD-MySQL-4.043-1.fc26
2017-07-13 14:51:43
[SECURITY] Fedora 27 Update: perl-DBD-MySQL-4.043-6.fc27
2017-12-18 18:52:17
f5
f5
K16845 : MySQL vulnerability CVE-2015-3152
2015-07-02 00:00:00
SOL16845 - MySQL vulnerability CVE-2015-3152
2015-07-02 00:00:00
freebsd
freebsd
mysql -- SSL Downgrade
2015-03-20 00:00:00
mariadbunix
mariadbunix
CVE-2015-3152
2016-05-16 10:59:00
amazon
amazon
Medium: php55
2015-08-17 12:41:00
Medium: php54
2015-08-17 12:39:00
Medium: php56
2015-08-17 12:46:00
slackware
slackware
[slackware-security] php
2015-07-17 20:25:21
securityvulns
securityvulns
[SECURITY] [DSA 3311-1] mariadb-10.0 security update
2015-07-20 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oraclelinux
oraclelinux
mariadb security update
2015-08-24 00:00:00
redhat
redhat
(RHSA-2015:1665) Moderate: mariadb security update
2015-08-24 00:00:00
(RHSA-2015:1647) Moderate: mariadb55-mariadb security update
2015-08-20 00:00:00
(RHSA-2015:1646) Important: rh-mariadb100-mariadb security update
2015-08-20 00:00:00
centos
centos
mariadb security update
2015-08-25 16:08:22
veracode
veracode
Man-in-the-Middle Attack
2019-05-02 05:17:59
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON
Related for OPENSUSE-2018-539.NASL
openvas43debian3suse5nessus55nvd4osv5mageia3ubuntucve4cvelist4prion4cve4redhatcve2debiancve2ubuntu1fedora5f52freebsd1mariadbunix1amazon3slackware1securityvulns2oraclelinux1redhat3centos1veracode1cloudlinux1rosalinux1