Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2013 Greenbone AGOPENVAS:1361412562310702667
HistoryMay 11, 2013 - 12:00 a.m.

Debian: Security Advisory (DSA-2667-1)

2013-05-1100:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
3

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

5.5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

The remote host is missing an update for the Debian

# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.702667");
  script_cve_id("CVE-2013-1502", "CVE-2013-1511", "CVE-2013-1532", "CVE-2013-1544", "CVE-2013-2375", "CVE-2013-2376", "CVE-2013-2389", "CVE-2013-2391", "CVE-2013-2392");
  script_tag(name:"creation_date", value:"2013-05-11 22:00:00 +0000 (Sat, 11 May 2013)");
  script_version("2024-02-01T14:37:10+0000");
  script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");

  script_name("Debian: Security Advisory (DSA-2667-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB7");

  script_xref(name:"Advisory-ID", value:"DSA-2667-1");
  script_xref(name:"URL", value:"https://www.debian.org/security/2013/DSA-2667-1");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2667");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'mysql-5.5' package(s) announced via the DSA-2667-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.31, which includes additional changes, such as performance improvements and corrections for data loss defects.

For the stable distribution (wheezy), these problems have been fixed in version 5.5.31+dfsg-0+wheezy1.

For the unstable distribution (sid), these problems have been fixed in version 5.5.31+dfsg-1.

We recommend that you upgrade your mysql-5.5 packages.");

  script_tag(name:"affected", value:"'mysql-5.5' package(s) on Debian 7.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB7") {

  if(!isnull(res = isdpkgvuln(pkg:"libmysqlclient-dev", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmysqlclient18", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmysqld-dev", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmysqld-pic", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"mysql-client", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"mysql-client-5.5", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"mysql-common", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"mysql-server", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"mysql-server-5.5", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"mysql-server-core-5.5", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"mysql-source-5.5", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"mysql-testsuite-5.5", ver:"5.5.31+dfsg-0+wheezy1", rls:"DEB7"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 20
debian 1
nessus 16
ubuntu 2
amazon 2
veracode 13
centos 1
oraclelinux 1
redhat 1
mariadbunix 9
cvelist 9
ubuntucve 9
nvd 9
prion 9
cve 9
gentoo 1
securityvulns 1
oracle 1
openvas
openvas
Debian Security Advisory DSA 2667-1 (mysql-5.5 - several vulnerabilities)
2013-05-12 00:00:00
Oracle MySQL Server <= 5.1.68 / 5.5 <= 5.5.30 / 5.6 <= 5.6.10 Security Update (cpuapr2013) - Windows
2021-02-09 00:00:00
Oracle MySQL Server <= 5.1.68 / 5.5 <= 5.5.30 / 5.6 <= 5.6.10 Security Update (cpuapr2013) - Linux
2013-04-22 00:00:00
debian
debian
[SECURITY] [DSA 2667-1] mysql-5.5 security update
2013-05-12 19:35:40
nessus
nessus
Debian DSA-2667-1 : mysql-5.5 - several vulnerabilities
2013-05-13 00:00:00
MariaDB 5.5.0 < 5.5.31 Multiple Vulnerabilities
2022-11-18 00:00:00
MariaDB 10.0.0 < 10.0.3 Multiple Vulnerabilities
2022-11-18 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2013-04-25 00:00:00
MySQL vulnerabilities
2013-04-25 00:00:00
amazon
amazon
Important: mysql51
2013-04-25 20:40:00
Important: mysql55
2013-04-25 20:40:00
veracode
veracode
Improper Access Control
2019-05-02 04:44:48
Improper Access Control
2019-05-02 04:44:49
Authentication Bypass
2019-05-02 04:44:50
centos
centos
mysql security update
2013-04-25 20:16:01
oraclelinux
oraclelinux
mysql security update
2013-04-25 00:00:00
redhat
redhat
(RHSA-2013:0772) Important: mysql security update
2013-04-25 00:00:00
mariadbunix
mariadbunix
CVE-2013-1502
2013-04-17 12:14:00
CVE-2013-2391
2013-04-17 17:55:00
CVE-2013-2389
2013-04-17 17:55:00
cvelist
cvelist
CVE-2013-1502
2013-04-17 05:04:00
CVE-2013-2376
2013-04-17 14:00:00
CVE-2013-2391
2013-04-17 14:00:00
ubuntucve
ubuntucve
CVE-2013-1502
2013-04-17 00:00:00
CVE-2013-2391
2013-04-17 00:00:00
CVE-2013-2392
2013-04-17 00:00:00
nvd
nvd
CVE-2013-1502
2013-04-17 12:14:51
CVE-2013-2391
2013-04-17 17:55:06
CVE-2013-2392
2013-04-17 17:55:06
prion
prion
Design/Logic Flaw
2013-04-17 17:55:00
Design/Logic Flaw
2013-04-17 17:55:00
Design/Logic Flaw
2013-04-17 12:14:00
cve
cve
CVE-2013-2391
2013-04-17 17:55:06
CVE-2013-1502
2013-04-17 12:14:51
CVE-2013-1544
2013-04-17 12:19:44
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities
2013-05-04 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

5.5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON
Related for OPENVAS:1361412562310702667
openvas20debian1nessus16ubuntu2amazon2veracode13centos1oraclelinux1redhat1mariadbunix9cvelist9ubuntucve9nvd9prion9cve9gentoo1securityvulns1oracle1