Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114201506201HistoryJun 09, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2015:0620-1)
2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
10
suse linux enterprise
mysql
security advisory
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
7.3
Confidence
High
EPSS
0.973
Percentile
99.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2015.0620.1");
script_cve_id("CVE-2012-5615", "CVE-2014-0224", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6474", "CVE-2014-6478", "CVE-2014-6484", "CVE-2014-6489", "CVE-2014-6491", "CVE-2014-6494", "CVE-2014-6495", "CVE-2014-6496", "CVE-2014-6500", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6564", "CVE-2014-6568", "CVE-2015-0374", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0385", "CVE-2015-0391", "CVE-2015-0409", "CVE-2015-0411", "CVE-2015-0432");
script_tag(name:"creation_date", value:"2021-06-09 14:58:13 +0000 (Wed, 09 Jun 2021)");
script_version("2024-02-02T14:37:48+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:48 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2015-01-22 22:12:53 +0000 (Thu, 22 Jan 2015)");
script_name("SUSE: Security Advisory (SUSE-SU-2015:0620-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES11\.0SP3)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2015:0620-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2015/suse-su-20150620-1/");
script_xref(name:"URL", value:"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html");
script_xref(name:"URL", value:"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html");
script_xref(name:"URL", value:"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'MySQL' package(s) announced via the SUSE-SU-2015:0620-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The MySQL datebase server was updated to 5.5.42, fixing various bugs and security issues.
More information can be found on:
* [link moved to references]
* [link moved to references]
* [link moved to references] Also various issues with the mysql start script were fixed.
(bsc#868673,bsc#878779)
Security Issues:
* CVE-2015-0411
* CVE-2015-0382
* CVE-2015-0381
* CVE-2015-0391
* CVE-2015-0432
* CVE-2015-0409
* CVE-2014-6568
* CVE-2015-0385
* CVE-2015-0374
* CVE-2012-5615
* CVE-2014-0224
* CVE-2014-4274
* CVE-2014-4287
* CVE-2014-6463
* CVE-2014-6464
* CVE-2014-6469
* CVE-2014-6474
* CVE-2014-6478
* CVE-2014-6484
* CVE-2014-6489
* CVE-2014-6491
* CVE-2014-6494
* CVE-2014-6495
* CVE-2014-6496
* CVE-2014-6500
* CVE-2014-6505
* CVE-2014-6507
* CVE-2014-6520
* CVE-2014-6530
* CVE-2014-6551
* CVE-2014-6555
* CVE-2014-6559
* CVE-2014-6564");
script_tag(name:"affected", value:"'MySQL' package(s) on SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP3.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES11.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libmysql55client18-32bit", rpm:"libmysql55client18-32bit~5.5.42~0.8.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysql55client18", rpm:"libmysql55client18~5.5.42~0.8.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysql55client18-x86", rpm:"libmysql55client18-x86~5.5.42~0.8.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysql55client_r18", rpm:"libmysql55client_r18~5.5.42~0.8.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclient15-32bit", rpm:"libmysqlclient15-32bit~5.0.96~0.6.20", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclient15", rpm:"libmysqlclient15~5.0.96~0.6.20", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclient15-x86", rpm:"libmysqlclient15-x86~5.0.96~0.6.20", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmysqlclient_r15", rpm:"libmysqlclient_r15~5.0.96~0.6.20", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql", rpm:"mysql~5.5.42~0.8.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-client", rpm:"mysql-client~5.5.42~0.8.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mysql-tools", rpm:"mysql-tools~5.5.42~0.8.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SuSE 11.3 Security Update : MySQL (SAT Patch Number 10387)
2015-03-30 00:00:00
Ubuntu 14.04 LTS : MySQL vulnerabilities (USN-2384-1)
2014-10-16 00:00:00
Debian DSA-3054-1 : mysql-5.5 - security update
2014-10-21 00:00:00
suse
suse
Security update for MySQL (important)
2015-03-28 01:04:56
Security update for mariadb (important)
2015-04-21 19:05:04
Security update for MariaDB (important)
2015-07-09 17:08:05
debian
debian
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 15:27:13
[SECURITY] [DSA 3054-1] mysql-5.5 security update
2014-10-20 15:27:13
[SECURITY] [DSA 3135-1] mysql-5.5 security update
2015-01-23 16:16:51
f5
f5
K15725 : Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities
2014-10-23 00:00:00
SOL16355 - Multiple MySQL vulnerabilities
2015-04-03 00:00:00
openvas
openvas
SUSE: Security Advisory for MySQL (SUSE-SU-2015:0620-1)
2015-10-13 00:00:00
Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)
2014-10-20 00:00:00
Debian: Security Advisory (DSA-3054-1)
2014-10-19 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2014-10-15 00:00:00
MySQL vulnerabilities
2015-01-22 00:00:00
osv
osv
mysql-5.5 - security update
2014-10-20 00:00:00
mysql-5.5 - security update
2015-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mariadb-galera-5.5.40-2.fc20
2014-12-03 01:02:24
[SECURITY] Fedora 20 Update: mariadb-5.5.40-1.fc20
2014-12-12 04:25:50
[SECURITY] Fedora 20 Update: community-mysql-5.5.41-1.fc20
2015-02-15 03:25:22
slackware
slackware
[slackware-security] mariadb
2014-11-04 01:25:07
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2014-10-26 00:23:09
ibm
ibm
gentoo
gentoo
MySQL, MariaDB: Multiple vulnerabilities
2014-11-05 00:00:00
MySQL and MariaDB: Multiple vulnerabilities
2015-04-11 00:00:00
redhat
redhat
(RHSA-2015:0116) Moderate: mysql55-mysql security update
2015-02-03 00:00:00
(RHSA-2015:0117) Moderate: mariadb55-mariadb security update
2015-02-03 00:00:00
(RHSA-2014:1940) Important: mariadb-galera security update
2014-12-02 16:44:45
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:13:25
Unauthenticated Access
2019-05-02 05:43:32
Information Disclosure
2019-05-02 05:06:27
centos
centos
mariadb security update
2015-02-05 16:54:20
mysql55 security update
2014-11-17 17:35:05
mariadb security update
2014-11-17 17:32:07
oraclelinux
oraclelinux
mariadb security update
2015-02-03 00:00:00
mysql55-mysql security update
2014-11-17 00:00:00
mariadb security update
2014-11-17 00:00:00
amazon
amazon
Important: mysql55
2014-10-16 22:14:00
mariadbunix
mariadbunix
ubuntucve
ubuntucve
cvelist
cvelist
cve
cve
prion
prion
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2015-01-21 18:59:00
Design/Logic Flaw
2014-10-15 22:55:00
nvd
nvd
debiancve
debiancve
packetstorm
packetstorm
Oracle MySQL User Account Enumeration Utility
2012-12-03 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
7.3
Confidence
High
EPSS
0.973
Percentile
99.9%
Related for OPENVAS:13614125623114201506201