Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2012-1462.NASL
HistoryNov 15, 2012 - 12:00 a.m.

RHEL 6 : mysql (RHSA-2012:1462)

2012-11-1500:00:00
This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1462 advisory.

  • mysql: unspecified vulnerability related to GIS extension DoS (CPU Jul 2012) (CVE-2012-0540)

  • mysql: unspecified DoS vulnerability related to DML (CPU Apr 2012) (CVE-2012-1688)

  • mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jul 2012) (CVE-2012-1689, CVE-2012-1734)

  • mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Apr 2012) (CVE-2012-1690, CVE-2012-1703)

  • mysql: incorrect type cast in check_scramble() leading to authentication bypass (CVE-2012-2122)

  • mysql: crash caused by wrong calculation of key length for sort order index (CVE-2012-2749)

  • mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Oct 2012) (CVE-2012-3150, CVE-2012-3180)

  • mysql: unspecified vulnerability related to the MySQL Protocol (CPU Oct 2012) (CVE-2012-3158)

  • mysql: unspecified vulnerability in Server Installation leading to information disclosure (CPU Oct 2012) (CVE-2012-3160)

  • mysql: unspecified vulnerability related to Information Schema (CPU Oct 2012) (CVE-2012-3163)

  • mysql: unspecified DoS vulnerability related to InnoDB (CPU Oct 2012) (CVE-2012-3166)

  • mysql: unspecified DoS vulnerability related to Server Full Text Search (CPU Oct 2012) (CVE-2012-3167)

  • mysql: unspecified DoS vulnerability related to InnoDB Plugin (CPU Oct 2012) (CVE-2012-3173)

  • mysql: unspecified Server DoS vulnerability (CPU Oct 2012) (CVE-2012-3177)

  • mysql: unspecified DoS vulnerability related to Server Replication (CPU Oct 2012) (CVE-2012-3197)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2012:1462. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(62923);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/21");

  script_cve_id(
    "CVE-2012-0540",
    "CVE-2012-1688",
    "CVE-2012-1689",
    "CVE-2012-1690",
    "CVE-2012-1703",
    "CVE-2012-1734",
    "CVE-2012-2122",
    "CVE-2012-2749",
    "CVE-2012-3150",
    "CVE-2012-3158",
    "CVE-2012-3160",
    "CVE-2012-3163",
    "CVE-2012-3166",
    "CVE-2012-3167",
    "CVE-2012-3173",
    "CVE-2012-3177",
    "CVE-2012-3180",
    "CVE-2012-3197"
  );
  script_bugtraq_id(
    53058,
    53067,
    53074,
    54540,
    54547,
    54551,
    55120,
    55990,
    56003,
    56005,
    56017,
    56018,
    56021,
    56027,
    56028,
    56036,
    56041
  );
  script_xref(name:"RHSA", value:"2012:1462");

  script_name(english:"RHEL 6 : mysql (RHSA-2012:1462)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for mysql.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2012:1462 advisory.

  - mysql: unspecified vulnerability related to GIS extension DoS  (CPU Jul 2012) (CVE-2012-0540)

  - mysql: unspecified DoS vulnerability related to DML (CPU Apr 2012) (CVE-2012-1688)

  - mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jul 2012) (CVE-2012-1689,
    CVE-2012-1734)

  - mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Apr 2012) (CVE-2012-1690,
    CVE-2012-1703)

  - mysql: incorrect type cast in check_scramble() leading to authentication bypass (CVE-2012-2122)

  - mysql: crash caused by wrong calculation of key length for sort order index (CVE-2012-2749)

  - mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Oct 2012) (CVE-2012-3150,
    CVE-2012-3180)

  - mysql: unspecified vulnerability related to the MySQL Protocol (CPU Oct 2012) (CVE-2012-3158)

  - mysql: unspecified vulnerability in Server Installation leading to information disclosure (CPU Oct 2012)
    (CVE-2012-3160)

  - mysql: unspecified vulnerability related to Information Schema (CPU Oct 2012) (CVE-2012-3163)

  - mysql: unspecified DoS vulnerability related to InnoDB (CPU Oct 2012) (CVE-2012-3166)

  - mysql: unspecified DoS vulnerability related to Server Full Text Search (CPU Oct 2012) (CVE-2012-3167)

  - mysql: unspecified DoS vulnerability related to InnoDB Plugin (CPU Oct 2012) (CVE-2012-3173)

  - mysql: unspecified Server DoS vulnerability (CPU Oct 2012) (CVE-2012-3177)

  - mysql: unspecified DoS vulnerability related to Server Replication (CPU Oct 2012) (CVE-2012-3197)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-64.html");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-65.html");
  script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.1/en/news-5-1-66.html");
  # http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?06b485e0");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2012/rhsa-2012_1462.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?28531f1b");
  # http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8643c3d4");
  # http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae37c359");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1462");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=814285");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=814287");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=814293");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=833737");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=841349");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=841351");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=841353");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867212");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867213");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867215");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867216");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867217");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867220");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867223");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867230");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867233");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867238");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL mysql package based on the guidance in RHSA-2012:1462.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3163");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2012-3173");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(305);
  script_set_attribute(attribute:"vendor_severity", value:"Important");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/client/6/6Client/i386/debug',
      'content/dist/rhel/client/6/6Client/i386/optional/debug',
      'content/dist/rhel/client/6/6Client/i386/optional/os',
      'content/dist/rhel/client/6/6Client/i386/optional/source/SRPMS',
      'content/dist/rhel/client/6/6Client/i386/os',
      'content/dist/rhel/client/6/6Client/i386/source/SRPMS',
      'content/dist/rhel/client/6/6Client/x86_64/debug',
      'content/dist/rhel/client/6/6Client/x86_64/optional/debug',
      'content/dist/rhel/client/6/6Client/x86_64/optional/os',
      'content/dist/rhel/client/6/6Client/x86_64/optional/source/SRPMS',
      'content/dist/rhel/client/6/6Client/x86_64/os',
      'content/dist/rhel/client/6/6Client/x86_64/source/SRPMS',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/debug',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/debug',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/os',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/source/SRPMS',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/os',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/debug',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/os',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/source/SRPMS',
      'content/dist/rhel/computenode/6/6ComputeNode/x86_64/source/SRPMS',
      'content/dist/rhel/power/6/6Server/ppc64/debug',
      'content/dist/rhel/power/6/6Server/ppc64/optional/debug',
      'content/dist/rhel/power/6/6Server/ppc64/optional/os',
      'content/dist/rhel/power/6/6Server/ppc64/optional/source/SRPMS',
      'content/dist/rhel/power/6/6Server/ppc64/os',
      'content/dist/rhel/power/6/6Server/ppc64/source/SRPMS',
      'content/dist/rhel/server/6/6Server/i386/debug',
      'content/dist/rhel/server/6/6Server/i386/highavailability/debug',
      'content/dist/rhel/server/6/6Server/i386/highavailability/os',
      'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',
      'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',
      'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',
      'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',
      'content/dist/rhel/server/6/6Server/i386/optional/debug',
      'content/dist/rhel/server/6/6Server/i386/optional/os',
      'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',
      'content/dist/rhel/server/6/6Server/i386/os',
      'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',
      'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',
      'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',
      'content/dist/rhel/server/6/6Server/i386/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/debug',
      'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',
      'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',
      'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',
      'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',
      'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/optional/debug',
      'content/dist/rhel/server/6/6Server/x86_64/optional/os',
      'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/os',
      'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',
      'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',
      'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',
      'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',
      'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',
      'content/dist/rhel/system-z/6/6Server/s390x/debug',
      'content/dist/rhel/system-z/6/6Server/s390x/optional/debug',
      'content/dist/rhel/system-z/6/6Server/s390x/optional/os',
      'content/dist/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',
      'content/dist/rhel/system-z/6/6Server/s390x/os',
      'content/dist/rhel/system-z/6/6Server/s390x/source/SRPMS',
      'content/dist/rhel/workstation/6/6Workstation/i386/debug',
      'content/dist/rhel/workstation/6/6Workstation/i386/optional/debug',
      'content/dist/rhel/workstation/6/6Workstation/i386/optional/os',
      'content/dist/rhel/workstation/6/6Workstation/i386/optional/source/SRPMS',
      'content/dist/rhel/workstation/6/6Workstation/i386/os',
      'content/dist/rhel/workstation/6/6Workstation/i386/source/SRPMS',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/debug',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/debug',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/os',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/source/SRPMS',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/os',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/debug',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/os',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/source/SRPMS',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/source/SRPMS',
      'content/fastrack/rhel/client/6/i386/debug',
      'content/fastrack/rhel/client/6/i386/optional/debug',
      'content/fastrack/rhel/client/6/i386/optional/os',
      'content/fastrack/rhel/client/6/i386/optional/source/SRPMS',
      'content/fastrack/rhel/client/6/i386/os',
      'content/fastrack/rhel/client/6/i386/source/SRPMS',
      'content/fastrack/rhel/client/6/x86_64/debug',
      'content/fastrack/rhel/client/6/x86_64/optional/debug',
      'content/fastrack/rhel/client/6/x86_64/optional/os',
      'content/fastrack/rhel/client/6/x86_64/optional/source/SRPMS',
      'content/fastrack/rhel/client/6/x86_64/os',
      'content/fastrack/rhel/client/6/x86_64/source/SRPMS',
      'content/fastrack/rhel/computenode/6/x86_64/debug',
      'content/fastrack/rhel/computenode/6/x86_64/optional/debug',
      'content/fastrack/rhel/computenode/6/x86_64/optional/os',
      'content/fastrack/rhel/computenode/6/x86_64/optional/source/SRPMS',
      'content/fastrack/rhel/computenode/6/x86_64/os',
      'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/debug',
      'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/os',
      'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/source/SRPMS',
      'content/fastrack/rhel/computenode/6/x86_64/source/SRPMS',
      'content/fastrack/rhel/power/6/ppc64/debug',
      'content/fastrack/rhel/power/6/ppc64/optional/debug',
      'content/fastrack/rhel/power/6/ppc64/optional/os',
      'content/fastrack/rhel/power/6/ppc64/optional/source/SRPMS',
      'content/fastrack/rhel/power/6/ppc64/os',
      'content/fastrack/rhel/power/6/ppc64/source/SRPMS',
      'content/fastrack/rhel/server/6/i386/debug',
      'content/fastrack/rhel/server/6/i386/highavailability/debug',
      'content/fastrack/rhel/server/6/i386/highavailability/os',
      'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',
      'content/fastrack/rhel/server/6/i386/loadbalancer/debug',
      'content/fastrack/rhel/server/6/i386/loadbalancer/os',
      'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',
      'content/fastrack/rhel/server/6/i386/optional/debug',
      'content/fastrack/rhel/server/6/i386/optional/os',
      'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',
      'content/fastrack/rhel/server/6/i386/os',
      'content/fastrack/rhel/server/6/i386/resilientstorage/debug',
      'content/fastrack/rhel/server/6/i386/resilientstorage/os',
      'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',
      'content/fastrack/rhel/server/6/i386/source/SRPMS',
      'content/fastrack/rhel/server/6/x86_64/debug',
      'content/fastrack/rhel/server/6/x86_64/highavailability/debug',
      'content/fastrack/rhel/server/6/x86_64/highavailability/os',
      'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',
      'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',
      'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',
      'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',
      'content/fastrack/rhel/server/6/x86_64/optional/debug',
      'content/fastrack/rhel/server/6/x86_64/optional/os',
      'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',
      'content/fastrack/rhel/server/6/x86_64/os',
      'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',
      'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',
      'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',
      'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',
      'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',
      'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',
      'content/fastrack/rhel/server/6/x86_64/source/SRPMS',
      'content/fastrack/rhel/system-z/6/s390x/debug',
      'content/fastrack/rhel/system-z/6/s390x/optional/debug',
      'content/fastrack/rhel/system-z/6/s390x/optional/os',
      'content/fastrack/rhel/system-z/6/s390x/optional/source/SRPMS',
      'content/fastrack/rhel/system-z/6/s390x/os',
      'content/fastrack/rhel/system-z/6/s390x/source/SRPMS',
      'content/fastrack/rhel/workstation/6/i386/debug',
      'content/fastrack/rhel/workstation/6/i386/optional/debug',
      'content/fastrack/rhel/workstation/6/i386/optional/os',
      'content/fastrack/rhel/workstation/6/i386/optional/source/SRPMS',
      'content/fastrack/rhel/workstation/6/i386/os',
      'content/fastrack/rhel/workstation/6/i386/source/SRPMS',
      'content/fastrack/rhel/workstation/6/x86_64/debug',
      'content/fastrack/rhel/workstation/6/x86_64/optional/debug',
      'content/fastrack/rhel/workstation/6/x86_64/optional/os',
      'content/fastrack/rhel/workstation/6/x86_64/optional/source/SRPMS',
      'content/fastrack/rhel/workstation/6/x86_64/os',
      'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/debug',
      'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/os',
      'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/source/SRPMS',
      'content/fastrack/rhel/workstation/6/x86_64/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'mysql-5.1.66-1.el6_3', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-5.1.66-1.el6_3', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-5.1.66-1.el6_3', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-5.1.66-1.el6_3', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-bench-5.1.66-1.el6_3', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-bench-5.1.66-1.el6_3', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-bench-5.1.66-1.el6_3', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-bench-5.1.66-1.el6_3', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-5.1.66-1.el6_3', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-5.1.66-1.el6_3', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-5.1.66-1.el6_3', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-5.1.66-1.el6_3', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-5.1.66-1.el6_3', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-5.1.66-1.el6_3', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-5.1.66-1.el6_3', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-5.1.66-1.el6_3', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-5.1.66-1.el6_3', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-5.1.66-1.el6_3', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-5.1.66-1.el6_3', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-5.1.66-1.el6_3', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-devel-5.1.66-1.el6_3', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-devel-5.1.66-1.el6_3', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-devel-5.1.66-1.el6_3', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-devel-5.1.66-1.el6_3', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-devel-5.1.66-1.el6_3', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-embedded-devel-5.1.66-1.el6_3', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-5.1.66-1.el6_3', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-5.1.66-1.el6_3', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-5.1.66-1.el6_3', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-5.1.66-1.el6_3', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-5.1.66-1.el6_3', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-5.1.66-1.el6_3', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-server-5.1.66-1.el6_3', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-server-5.1.66-1.el6_3', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-server-5.1.66-1.el6_3', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-server-5.1.66-1.el6_3', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-test-5.1.66-1.el6_3', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-test-5.1.66-1.el6_3', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-test-5.1.66-1.el6_3', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-test-5.1.66-1.el6_3', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql / mysql-bench / mysql-devel / mysql-embedded / etc');
}
VendorProductVersionCPE
redhatenterprise_linuxmysqlp-cpe:/a:redhat:enterprise_linux:mysql
redhatenterprise_linuxmysql-benchp-cpe:/a:redhat:enterprise_linux:mysql-bench
redhatenterprise_linuxmysql-develp-cpe:/a:redhat:enterprise_linux:mysql-devel
redhatenterprise_linuxmysql-embeddedp-cpe:/a:redhat:enterprise_linux:mysql-embedded
redhatenterprise_linuxmysql-embedded-develp-cpe:/a:redhat:enterprise_linux:mysql-embedded-devel
redhatenterprise_linuxmysql-libsp-cpe:/a:redhat:enterprise_linux:mysql-libs
redhatenterprise_linuxmysql-serverp-cpe:/a:redhat:enterprise_linux:mysql-server
redhatenterprise_linuxmysql-testp-cpe:/a:redhat:enterprise_linux:mysql-test
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6

References

Related

veracode 16
openvas 39
nessus 42
oraclelinux 2
redhat 2
centos 2
debian 2
ubuntu 2
nvd 15
cve 15
prion 15
cvelist 13
ubuntucve 13
f5 4
seebug 2
canvas 1
securityvulns 2
fedora 2
amazon 2
checkpoint_advisories 1
osv 1
suse 1
metasploit 1
packetstorm 2
thn 1
threatpost 1
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:41:00
Denial Of Service (DoS)
2019-05-02 04:41:02
Denial Of Service (DoS)
2019-05-02 04:41:01
openvas
openvas
RedHat Update for mysql RHSA-2012:1462-01
2012-11-15 00:00:00
CentOS Update for mysql CESA-2012:1462 centos6
2012-11-15 00:00:00
Oracle: Security Advisory (ELSA-2012-1462)
2015-10-06 00:00:00
nessus
nessus
Oracle Linux 6 : mysql (ELSA-2012-1462)
2013-07-12 00:00:00
Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20121114)
2012-11-16 00:00:00
CentOS 6 : mysql (CESA-2012:1462)
2012-11-15 00:00:00
oraclelinux
oraclelinux
mysql security update
2012-11-14 00:00:00
mysql security update
2013-01-22 00:00:00
redhat
redhat
(RHSA-2012:1462) Important: mysql security update
2012-11-14 00:00:00
(RHSA-2013:0180) Important: mysql security update
2013-01-22 00:00:00
centos
centos
mysql security update
2012-11-15 03:44:02
mysql security update
2013-01-22 21:34:28
debian
debian
[SECURITY] [DSA 2581-1] mysql-5.1 security update
2012-12-04 07:01:42
[SECURITY] [DSA 2496-1] mysql-5.1 security update
2012-06-18 20:37:59
ubuntu
ubuntu
MySQL vulnerabilities
2012-11-05 00:00:00
MySQL vulnerabilities
2012-06-11 00:00:00
nvd
nvd
CVE-2012-1690
2012-05-03 22:55:02
CVE-2012-1703
2012-05-03 22:55:02
CVE-2012-3160
2012-10-16 23:55:04
cve
cve
CVE-2012-1690
2012-05-03 22:55:02
CVE-2012-1703
2012-05-03 22:55:02
CVE-2012-3163
2012-10-17 00:55:01
prion
prion
Design/Logic Flaw
2012-05-03 22:55:00
Design/Logic Flaw
2012-05-03 22:55:00
Design/Logic Flaw
2012-10-16 23:55:00
cvelist
cvelist
CVE-2012-1690
2012-05-03 22:00:00
CVE-2012-1703
2012-05-03 22:00:00
CVE-2012-3160
2012-10-16 23:00:00
ubuntucve
ubuntucve
CVE-2012-1690
2012-05-03 00:00:00
CVE-2012-1703
2012-05-03 00:00:00
CVE-2012-3160
2012-10-16 00:00:00
f5
f5
SOL14907 - MySQL Server vulnerability CVE-2012-3163
2014-01-14 00:00:00
K14907 : MySQL Server vulnerability CVE-2012-3163
2014-07-08 00:00:00
K14428 : MySQL vulnerability CVE-2012-2122
2013-09-23 00:00:00
seebug
seebug
Oracle MySQL 5.1.x 拒绝服务漏洞
2012-08-23 00:00:00
MariaDB/MySQL 概率性任意密码(身份认证)登录漏洞(CVE-2012-2122)
2012-06-11 00:00:00
canvas
canvas
Immunity Canvas: MYSQL_LOGIN_REMOTE
2012-06-26 18:55:00
securityvulns
securityvulns
[USN-1467-1] MySQL vulnerabilities
2012-06-12 00:00:00
MySQL authentication vulnerability
2012-06-12 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: mysql-5.5.24-1.fc16
2012-06-26 21:30:56
[SECURITY] Fedora 17 Update: mysql-5.5.24-1.fc17
2012-06-17 22:24:29
amazon
amazon
Important: mysql55
2012-07-05 16:07:00
Important: mysql51
2012-11-20 06:26:00
checkpoint_advisories
checkpoint_advisories
MySQL and MariaDB Incorrect Cast Policy Bypass - Ver2 (CVE-2012-2122)
2015-03-26 00:00:00
osv
osv
mysql-5.1 - several
2012-06-18 00:00:00
suse
suse
mysql (CVE-2012-2122) (important)
2012-07-11 11:08:34
metasploit
metasploit
MySQL Authentication Bypass Password Dump
2012-06-17 11:19:53
packetstorm
packetstorm
MySQL Remote Root Authentication Bypass
2012-06-12 00:00:00
Kartoo Search Engine XSS / Remote File Inclusion
2013-11-19 00:00:00
thn
thn
CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability
2012-06-11 07:29:00
threatpost
threatpost
Trivial Password Flaw Leaves MySQL Databases Exposed
2012-06-11 14:03:23

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON
Related for REDHAT-RHSA-2012-1462.NASL
veracode16openvas39nessus42oraclelinux2redhat2centos2debian2ubuntu2nvd15cve15prion15cvelist13ubuntucve13f54seebug2canvas1securityvulns2fedora2amazon2checkpoint_advisories1osv1suse1metasploit1packetstorm2thn1threatpost1