Executive Summary
Summary | |
---|---|
Title | mysql-5.1 security update |
Informations | |||
---|---|---|---|
Name | DSA-2496 | First vendor Publication | 2012-06-18 |
Vendor | Debian | Last vendor Modification | 2012-06-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes at: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html CVE-2012-2122, an authentication bypass vulnerability, occurs only when MySQL has been built in with certain optimisations enabled. The packages in Debian stable (squeeze) are not known to be affected by this vulnerability. It is addressed in this update nonetheless, so future rebuilds will not become vulnerable to this issue. For the stable distribution (squeeze), these problems have been fixed in version 5.1.63-0+squeeze1. For the testing distribution (wheezy), these problems has been fixed in version 5.1.62-1 of the mysql-5.1 package and version 5.5.24+dfsg-1 of the mysql-5.5 package. We recommend that you upgrade your MySQL packages. |
Original Source
Url : http://www.debian.org/security/2012/dsa-2496 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17885 | |||
Oval ID: | oval:org.mitre.oval:def:17885 | ||
Title: | USN-1467-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities | ||
Description: | Several security issues were fixed in MySQL. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1467-1 CVE-2012-2122 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | mysql-5.5 mysql-5.1 mysql-dfsg-5.1 mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-26 | Name : Fedora Update for mysql FEDORA-2012-19823 File : nvt/gb_fedora_2012_19823_mysql_fc16.nasl |
2012-12-18 | Name : Fedora Update for mysql FEDORA-2012-19833 File : nvt/gb_fedora_2012_19833_mysql_fc17.nasl |
2012-12-13 | Name : SuSE Update for mysql openSUSE-SU-2012:0860-1 (mysql) File : nvt/gb_suse_2012_0860_1.nasl |
2012-11-15 | Name : CentOS Update for mysql CESA-2012:1462 centos6 File : nvt/gb_CESA-2012_1462_mysql_centos6.nasl |
2012-11-15 | Name : RedHat Update for mysql RHSA-2012:1462-01 File : nvt/gb_RHSA-2012_1462-01_mysql.nasl |
2012-08-30 | Name : Fedora Update for mysql FEDORA-2012-9308 File : nvt/gb_fedora_2012_9308_mysql_fc17.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2496-1 (mysql-5.1) File : nvt/deb_2496_1.nasl |
2012-06-28 | Name : Fedora Update for mysql FEDORA-2012-9324 File : nvt/gb_fedora_2012_9324_mysql_fc16.nasl |
2012-06-15 | Name : Ubuntu Update for mysql-5.5 USN-1467-1 File : nvt/gb_ubuntu_USN_1467_1.nasl |
2012-06-11 | Name : MySQL Authentication Bypass File : nvt/mysql_auth_bypas_cve_2012_2122.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MySQL/MariaDB client authentication bypass attempt RuleID : 23115 - Revision : 8 - Type : SERVER-MYSQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-378.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-332.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-276.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-274.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-273.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-93.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-141.nasl - Type : ACT_GATHER_INFO |
2013-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0180.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1462.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-120731.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0180.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130122_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-01-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0180.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121114_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-11-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1462.nasl - Type : ACT_GATHER_INFO |
2012-11-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1462.nasl - Type : ACT_GATHER_INFO |
2012-08-02 | Name : The remote database server can be accessed without a valid password. File : mysql_auth_bypass.nasl - Type : ACT_ATTACK |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2496.nasl - Type : ACT_GATHER_INFO |
2012-06-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9324.nasl - Type : ACT_GATHER_INFO |
2012-06-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9308.nasl - Type : ACT_GATHER_INFO |
2012-06-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1467-1.nasl - Type : ACT_GATHER_INFO |
2012-06-11 | Name : The remote database server is affected by a security bypass vulnerability. File : mysql_5_5_24.nasl - Type : ACT_GATHER_INFO |
2012-06-11 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_63.nasl - Type : ACT_GATHER_INFO |
2012-04-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_62.nasl - Type : ACT_GATHER_INFO |
2012-04-11 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_22.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_61.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_20.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:31:10 |
|