Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2013 Greenbone AGOPENVAS:1361412562310841406
HistoryApr 25, 2013 - 12:00 a.m.

Ubuntu: Security Advisory (USN-1807-1)

2013-04-2500:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
24

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.026

Percentile

90.5%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.841406");
  script_cve_id("CVE-2012-0553", "CVE-2013-1492", "CVE-2013-1502", "CVE-2013-1506", "CVE-2013-1511", "CVE-2013-1512", "CVE-2013-1521", "CVE-2013-1523", "CVE-2013-1526", "CVE-2013-1532", "CVE-2013-1544", "CVE-2013-1552", "CVE-2013-1555", "CVE-2013-1623", "CVE-2013-2375", "CVE-2013-2376", "CVE-2013-2378", "CVE-2013-2389", "CVE-2013-2391", "CVE-2013-2392");
  script_tag(name:"creation_date", value:"2013-04-25 05:18:28 +0000 (Thu, 25 Apr 2013)");
  script_version("2024-02-02T05:06:04+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_name("Ubuntu: Security Advisory (USN-1807-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.04\ LTS|11\.10|12\.04\ LTS|12\.10)");

  script_xref(name:"Advisory-ID", value:"USN-1807-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-1807-1");
  script_xref(name:"URL", value:"http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-69.html");
  script_xref(name:"URL", value:"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html");
  script_xref(name:"URL", value:"http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'mysql-5.1, mysql-5.5, mysql-dfsg-5.1' package(s) announced via the USN-1807-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10.
Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
[link moved to references]
[link moved to references]
[link moved to references]");

  script_tag(name:"affected", value:"'mysql-5.1, mysql-5.5, mysql-dfsg-5.1' package(s) on Ubuntu 10.04, Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU10.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"mysql-server-5.1", ver:"5.1.69-0ubuntu0.10.04.1", rls:"UBUNTU10.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU11.10") {

  if(!isnull(res = isdpkgvuln(pkg:"mysql-server-5.1", ver:"5.1.69-0ubuntu0.11.10.1", rls:"UBUNTU11.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU12.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"mysql-server-5.5", ver:"5.5.31-0ubuntu0.12.04.1", rls:"UBUNTU12.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU12.10") {

  if(!isnull(res = isdpkgvuln(pkg:"mysql-server-5.5", ver:"5.5.31-0ubuntu0.12.10.1", rls:"UBUNTU12.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 29
ubuntu 2
nessus 22
debian 1
veracode 14
amazon 2
oraclelinux 1
centos 1
redhat 1
prion 20
ubuntucve 20
cvelist 20
cve 20
nvd 20
mariadbunix 17
f5 2
zdi 1
gentoo 1
oracle 1
securityvulns 1
openvas
openvas
Ubuntu Update for mysql-5.5 USN-1807-2
2013-06-14 00:00:00
Ubuntu: Security Advisory (USN-1807-2)
2013-06-14 00:00:00
Debian Security Advisory DSA 2667-1 (mysql-5.5 - several vulnerabilities)
2013-05-12 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2013-04-25 00:00:00
MySQL vulnerabilities
2013-04-25 00:00:00
nessus
nessus
Ubuntu 13.04 : mysql-5.5 vulnerabilities (USN-1807-2)
2013-04-26 00:00:00
Debian DSA-2667-1 : mysql-5.5 - several vulnerabilities
2013-05-13 00:00:00
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1807-1)
2013-04-25 00:00:00
debian
debian
[SECURITY] [DSA 2667-1] mysql-5.5 security update
2013-05-12 19:35:40
veracode
veracode
Improper Access Control
2019-05-02 04:44:48
Improper Access Control
2019-05-02 04:44:49
Improper Access Control
2019-05-02 04:44:49
amazon
amazon
Important: mysql51
2013-04-25 20:40:00
Important: mysql55
2013-04-25 20:40:00
oraclelinux
oraclelinux
mysql security update
2013-04-25 00:00:00
centos
centos
mysql security update
2013-04-25 20:16:01
redhat
redhat
(RHSA-2013:0772) Important: mysql security update
2013-04-25 00:00:00
prion
prion
Buffer overflow
2013-03-28 23:55:00
Buffer overflow
2013-03-28 23:55:00
Design/Logic Flaw
2013-04-17 12:14:00
ubuntucve
ubuntucve
CVE-2012-0553
2013-03-28 00:00:00
CVE-2013-1492
2013-03-28 00:00:00
CVE-2013-1506
2013-04-17 00:00:00
cvelist
cvelist
CVE-2012-0553
2013-03-28 23:00:00
CVE-2013-1492
2013-03-28 23:00:00
CVE-2013-1506
2013-04-17 05:04:00
cve
cve
CVE-2013-1492
2013-03-28 23:55:01
CVE-2012-0553
2013-03-28 23:55:01
CVE-2013-1506
2013-04-17 12:14:51
nvd
nvd
CVE-2012-0553
2013-03-28 23:55:01
CVE-2013-1492
2013-03-28 23:55:01
CVE-2013-1506
2013-04-17 12:14:51
mariadbunix
mariadbunix
CVE-2013-1506
2013-04-17 12:14:51
CVE-2013-1502
2013-04-17 12:14:51
CVE-2013-2391
2013-04-17 17:55:06
f5
f5
SOL15622 - wolfSSL CyaSSL vulnerability CVE-2013-1623
2014-09-24 00:00:00
K15622 : wolfSSL CyaSSL vulnerability CVE-2013-1623
2014-09-25 00:00:00
zdi
zdi
MySQL yaSSL Heap Corruption Remote Code Execution Vulnerability
2013-11-24 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities
2013-05-04 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.026

Percentile

90.5%

JSON
Related for OPENVAS:1361412562310841406
openvas29ubuntu2nessus22debian1veracode14amazon2oraclelinux1centos1redhat1prion20ubuntucve20cvelist20cve20nvd20mariadbunix17f52zdi1gentoo1oracle1securityvulns1