Executive Summary

Summary
Title mysql-5.1 security update
Informations
Name DSA-2496 First vendor Publication 2012-06-18
Vendor Debian Last vendor Modification 2012-06-18
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes at: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html

CVE-2012-2122, an authentication bypass vulnerability, occurs only when MySQL has been built in with certain optimisations enabled. The packages in Debian stable (squeeze) are not known to be affected by this vulnerability. It is addressed in this update nonetheless, so future rebuilds will not become vulnerable to this issue.

For the stable distribution (squeeze), these problems have been fixed in version 5.1.63-0+squeeze1.

For the testing distribution (wheezy), these problems has been fixed in version 5.1.62-1 of the mysql-5.1 package and version 5.5.24+dfsg-1 of the mysql-5.5 package.

We recommend that you upgrade your MySQL packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2496

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17885
 
Oval ID: oval:org.mitre.oval:def:17885
Title: USN-1467-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
Description: Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1467-1
CVE-2012-2122
Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04
Product(s): mysql-5.5
mysql-5.1
mysql-dfsg-5.1
mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21317
 
Oval ID: oval:org.mitre.oval:def:21317
Title: RHSA-2012:0105: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Family: unix Class: patch
Reference(s): RHSA-2012:0105-01
CESA-2012:0105
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0490
CVE-2012-0492
CVE-2012-0583
Version: 237
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23683
 
Oval ID: oval:org.mitre.oval:def:23683
Title: ELSA-2012:0105: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Family: unix Class: patch
Reference(s): ELSA-2012:0105-01
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0490
CVE-2012-0492
CVE-2012-0583
Version: 77
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 49
Application 383
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1

OpenVAS Exploits

Date Description
2012-12-26 Name : Fedora Update for mysql FEDORA-2012-19823
File : nvt/gb_fedora_2012_19823_mysql_fc16.nasl
2012-12-18 Name : Fedora Update for mysql FEDORA-2012-19833
File : nvt/gb_fedora_2012_19833_mysql_fc17.nasl
2012-12-13 Name : SuSE Update for mysql openSUSE-SU-2012:0860-1 (mysql)
File : nvt/gb_suse_2012_0860_1.nasl
2012-11-15 Name : CentOS Update for mysql CESA-2012:1462 centos6
File : nvt/gb_CESA-2012_1462_mysql_centos6.nasl
2012-11-15 Name : RedHat Update for mysql RHSA-2012:1462-01
File : nvt/gb_RHSA-2012_1462-01_mysql.nasl
2012-08-30 Name : Fedora Update for mysql FEDORA-2012-9308
File : nvt/gb_fedora_2012_9308_mysql_fc17.nasl
2012-08-10 Name : Debian Security Advisory DSA 2496-1 (mysql-5.1)
File : nvt/deb_2496_1.nasl
2012-06-28 Name : Fedora Update for mysql FEDORA-2012-9324
File : nvt/gb_fedora_2012_9324_mysql_fc16.nasl
2012-06-15 Name : Ubuntu Update for mysql-5.5 USN-1467-1
File : nvt/gb_ubuntu_USN_1467_1.nasl
2012-06-11 Name : MySQL Authentication Bypass
File : nvt/mysql_auth_bypas_cve_2012_2122.nasl

Snort® IPS/IDS

Date Description
2014-01-10 MySQL/MariaDB client authentication bypass attempt
RuleID : 23115 - Revision : 8 - Type : SERVER-MYSQL

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-378.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-332.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-276.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-274.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-273.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-93.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-141.nasl - Type : ACT_GATHER_INFO
2013-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0180.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1462.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-120731.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0180.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130122_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0180.nasl - Type : ACT_GATHER_INFO
2012-11-16 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121114_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-11-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1462.nasl - Type : ACT_GATHER_INFO
2012-11-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1462.nasl - Type : ACT_GATHER_INFO
2012-08-02 Name : The remote database server can be accessed without a valid password.
File : mysql_auth_bypass.nasl - Type : ACT_ATTACK
2012-06-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2496.nasl - Type : ACT_GATHER_INFO
2012-06-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9324.nasl - Type : ACT_GATHER_INFO
2012-06-18 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9308.nasl - Type : ACT_GATHER_INFO
2012-06-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1467-1.nasl - Type : ACT_GATHER_INFO
2012-06-11 Name : The remote database server is affected by a security bypass vulnerability.
File : mysql_5_5_24.nasl - Type : ACT_GATHER_INFO
2012-06-11 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_63.nasl - Type : ACT_GATHER_INFO
2012-04-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_62.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_22.nasl - Type : ACT_GATHER_INFO
2012-02-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2012-02-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_61.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_20.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:31:10
  • Multiple Updates