Lucene search
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_0_LIBMYSQLCLIENT-DEVEL-091216.NASLHistoryMay 04, 2010 - 12:00 a.m.
openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)
2010-05-0400:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.1
Percentile
94.9%
This update fixes several security issues in mysql :
-
checking server certificates (CVE-2009-4028)
-
error handling in subqueries (CVE-2009-4019)
-
preserving null_value flag in GeomFromWKB (CVE-2009-4019)
-
symlink behavior fixed (CVE-2008-7247)
-
symlink behavior refixed (CVE-2009-4030)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libmysqlclient-devel-1706.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(46218);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2008-7247", "CVE-2009-4019", "CVE-2009-4028", "CVE-2009-4030");
script_name(english:"openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)");
script_summary(english:"Check for the libmysqlclient-devel-1706 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes several security issues in mysql :
- checking server certificates (CVE-2009-4028)
- error handling in subqueries (CVE-2009-4019)
- preserving null_value flag in GeomFromWKB
(CVE-2009-4019)
- symlink behavior fixed (CVE-2008-7247)
- symlink behavior refixed (CVE-2009-4030)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=557669"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2010-05/msg00000.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libmysqlclient-devel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_cwe_id(20, 59);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient15");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient15-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient_r15");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlclient_r15-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-Max");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.0", reference:"libmysqlclient-devel-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libmysqlclient15-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libmysqlclient_r15-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mysql-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mysql-Max-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mysql-bench-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mysql-client-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mysql-debug-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mysql-tools-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libmysqlclient15-32bit-5.0.51a-27.6") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libmysqlclient_r15-32bit-5.0.51a-27.6") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqlclient-devel / libmysqlclient15 / libmysqlclient15-32bit / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libmysqlclient-devel | p-cpe:/a:novell:opensuse:libmysqlclient-devel |
| novell | opensuse | libmysqlclient15 | p-cpe:/a:novell:opensuse:libmysqlclient15 |
| novell | opensuse | libmysqlclient15-32bit | p-cpe:/a:novell:opensuse:libmysqlclient15-32bit |
| novell | opensuse | libmysqlclient_r15 | p-cpe:/a:novell:opensuse:libmysqlclient_r15 |
| novell | opensuse | libmysqlclient_r15-32bit | p-cpe:/a:novell:opensuse:libmysqlclient_r15-32bit |
| novell | opensuse | mysql | p-cpe:/a:novell:opensuse:mysql |
| novell | opensuse | mysql-tools | p-cpe:/a:novell:opensuse:mysql-tools |
| novell | opensuse | 11.0 | cpe:/o:novell:opensuse:11.0 |
| novell | opensuse | mysql-max | p-cpe:/a:novell:opensuse:mysql-max |
| novell | opensuse | mysql-bench | p-cpe:/a:novell:opensuse:mysql-bench |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4030
bugzilla.novell.com/show_bug.cgi?id=557669
lists.opensuse.org/opensuse-updates/2010-05/msg00000.html
Related
nessus
nessus
SuSE 11 Security Update : MySQL (SAT Patch Number 2317)
2010-12-02 00:00:00
openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-1)
2010-05-04 00:00:00
openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0198-2)
2010-05-05 00:00:00
centos
centos
mysql security update
2010-03-01 18:43:17
mysql security update
2013-01-09 20:34:31
mysql security update
2010-02-17 16:42:25
redhat
redhat
(RHSA-2010:0109) Moderate: mysql security update
2010-02-16 00:00:00
(RHSA-2013:0121) Low: mysql security and bug fix update
2013-01-08 00:00:00
(RHSA-2010:0110) Moderate: mysql security update
2010-02-16 00:00:00
oraclelinux
oraclelinux
mysql security update
2010-02-16 00:00:00
mysql security and bug fix update
2013-01-11 00:00:00
mysql security update
2010-02-16 00:00:00
securityvulns
securityvulns
MySQL multiple security vulnerabilities
2010-01-19 00:00:00
[ MDVSA-2010:012 ] mysql
2010-01-19 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2010-0109)
2015-10-06 00:00:00
Fedora Update for mysql FEDORA-2010-1300
2010-03-02 00:00:00
Fedora Update for mysql FEDORA-2010-1348
2010-03-02 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: mysql-5.1.42-7.fc12
2010-02-02 01:18:20
[SECURITY] Fedora 11 Update: mysql-5.1.42-7.fc11
2010-02-02 01:06:45
[SECURITY] Fedora 11 Update: mysql-5.1.41-2.fc11
2009-12-22 04:54:08
osv
osv
mysql-dfsg-5.0 - several vulnerabilities
2010-02-14 00:00:00
debian
debian
ubuntu
ubuntu
MySQL vulnerabilities
2010-02-10 00:00:00
MySQL vulnerabilities
2012-03-12 00:00:00
seebug
seebug
MySQL vulnerabilities
2010-02-13 00:00:00
MySQL MyISAM表符号链接本地权限提升漏洞
2009-12-02 00:00:00
MySQL CREATE TABLE调用绕过访问限制漏洞
2009-12-02 00:00:00
ubuntucve
ubuntucve
cve
cve
prion
prion
Design/Logic Flaw
2009-11-30 17:30:00
Design/Logic Flaw
2009-11-30 17:30:00
Code injection
2009-11-30 17:30:00
veracode
veracode
Spoofing Attack
2020-04-10 00:43:12
Privilege Escalation
2020-04-10 00:43:13
Denial Of Service (DoS)
2020-04-10 00:43:12
nvd
nvd
cvelist
cvelist
gentoo
gentoo
MySQL: Multiple vulnerabilities
2012-01-05 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.1
Percentile
94.9%
Related for SUSE_11_0_LIBMYSQLCLIENT-DEVEL-091216.NASL