Executive Summary
| Summary | |
|---|---|
| Title | mysql security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2013:0219 | First vendor Publication | 2013-01-31 |
| Vendor | RedHat | Last vendor Modification | 2013-01-31 |
| Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2012-0572, CVE-2012-0574, CVE-2012-1702, CVE-2012-1705, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0389) These updated packages upgrade MySQL to version 5.1.67. Refer to the MySQL release notes listed in the References section for a full list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 896062 - CVE-2013-0384 mysql: unspecified DoS vulnerability related to Information Schema (CPU Jan 2013) 896063 - CVE-2013-0389 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013) 896066 - CVE-2013-0385 mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows local attackers to alter confidentiality and integrity 896067 - CVE-2013-0375 mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows remote attackers to alter confidentiality and integrity 896069 - CVE-2012-1702 mysql: unspecified unauthenticated DoS vulnerability related to Server (CPU Jan 2013) 896070 - CVE-2013-0383 mysql: unspecified unauthenticated DoS vulnerability related to Server Locking (CPU Jan 2013) 896072 - CVE-2012-0572 mysql: unspecified DoS vulnerability related to InnoDB (CPU Jan 2013) 896076 - CVE-2012-0574 mysql: unspecified DoS vulnerability related to Server (CPU Jan 2013) 896078 - CVE-2012-1705 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013) |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2013-0219.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:16267 | |||
| Oval ID: | oval:org.mitre.oval:def:16267 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0385 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16632 | |||
| Oval ID: | oval:org.mitre.oval:def:16632 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0384 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16758 | |||
| Oval ID: | oval:org.mitre.oval:def:16758 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0383 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16792 | |||
| Oval ID: | oval:org.mitre.oval:def:16792 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0572 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16825 | |||
| Oval ID: | oval:org.mitre.oval:def:16825 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0389 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17175 | |||
| Oval ID: | oval:org.mitre.oval:def:17175 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all MySQL Server accessible data as well as read access to all MySQL Server accessible data | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0375 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17186 | |||
| Oval ID: | oval:org.mitre.oval:def:17186 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1702 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17266 | |||
| Oval ID: | oval:org.mitre.oval:def:17266 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0574 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17268 | |||
| Oval ID: | oval:org.mitre.oval:def:17268 | ||
| Title: | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1705 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | MySQL Server 5.1 MySQL Server 5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18161 | |||
| Oval ID: | oval:org.mitre.oval:def:18161 | ||
| Title: | USN-1703-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities | ||
| Description: | Several security issues were fixed in MySQL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1703-1 CVE-2012-0572 CVE-2012-0574 CVE-2012-0578 CVE-2012-1702 CVE-2012-1705 CVE-2012-5060 CVE-2012-5096 CVE-2012-5611 CVE-2012-5612 CVE-2013-0367 CVE-2013-0368 CVE-2013-0371 CVE-2013-0375 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0386 CVE-2013-0389 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | mysql-5.5 mysql-5.1 mysql-dfsg-5.1 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21000 | |||
| Oval ID: | oval:org.mitre.oval:def:21000 | ||
| Title: | RHSA-2013:0219: mysql security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0219-02 CESA-2013:0219 CVE-2012-0572 CVE-2012-0574 CVE-2012-1702 CVE-2012-1705 CVE-2013-0375 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0389 | Version: | 129 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | mysql |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27382 | |||
| Oval ID: | oval:org.mitre.oval:def:27382 | ||
| Title: | DEPRECATED: ELSA-2013-0219 -- mysql security update (moderate) | ||
| Description: | [5.1.67-1] - Update to 5.1.67, for assorted upstream bugfixes including CVEs announced in January 2013 Resolves: #901380 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0219 CVE-2012-0572 CVE-2012-0574 CVE-2012-1702 CVE-2012-1705 CVE-2013-0375 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0389 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | mysql |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10601.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-152.nasl - Type : ACT_GATHER_INFO |
| 2013-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0219.nasl - Type : ACT_GATHER_INFO |
| 2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_1_67.nasl - Type : ACT_GATHER_INFO |
| 2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_2_14.nasl - Type : ACT_GATHER_INFO |
| 2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_3_12.nasl - Type : ACT_GATHER_INFO |
| 2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_5_29.nasl - Type : ACT_GATHER_INFO |
| 2013-02-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-007.nasl - Type : ACT_GATHER_INFO |
| 2013-02-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130131_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0219.nasl - Type : ACT_GATHER_INFO |
| 2013-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0219.nasl - Type : ACT_GATHER_INFO |
| 2013-01-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1703-1.nasl - Type : ACT_GATHER_INFO |
| 2013-01-18 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_67.nasl - Type : ACT_GATHER_INFO |
| 2013-01-18 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_29.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:56:44 |
|
| 2013-02-01 00:18:31 |
|
