Executive Summary
Summary | |
---|---|
Title | MySQL vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-1807-1 | First vendor Publication | 2013-04-25 |
Vendor | Ubuntu | Last vendor Modification | 2013-04-25 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary: Several security issues were fixed in MySQL.

Software Description:

- mysql-5.5: MySQL database
- mysql-5.1: MySQL database
- mysql-dfsg-5.1: MySQL database

Details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:

http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-69.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
Ubuntu 12.04 LTS:
Ubuntu 11.10:
Ubuntu 10.04 LTS:

In general, a standard system update will make all the necessary changes.

References:

Package Information:
Original Source
Url : http://www.ubuntu.com/usn/USN-1807-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-522 | Insufficiently Protected Credentials (CWE/SANS Top 25) |
12 % | CWE-310 | Cryptographic Issues |
12 % | CWE-200 | Information Exposure |
12 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
12 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17129 | |||
Oval ID: | oval:org.mitre.oval:def:17129 | ||
Title: | USN-1807-1 -- MySQL vulnerabilities | ||
Description: | Multiple security issues were discovered in MySQL. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1807-1 CVE-2012-0553 CVE-2013-1492 CVE-2013-1502 CVE-2013-1506 CVE-2013-1511 CVE-2013-1512 CVE-2013-1521 CVE-2013-1523 CVE-2013-1526 CVE-2013-1532 CVE-2013-1544 CVE-2013-1552 CVE-2013-1555 CVE-2013-1623 CVE-2013-2375 CVE-2013-2376 CVE-2013-2378 CVE-2013-2389 CVE-2013-2391 CVE-2013-2392 | Version: | 7 |
Platform(s): | Ubuntu 11.10 Ubuntu 12.04 Ubuntu 10.04 Ubuntu 12.10 | Product(s): | mysql-5.1 mysql-5.5 |
Definition Id: oval:org.mitre.oval:def:18379 | |||
Oval ID: | oval:org.mitre.oval:def:18379 | ||
Title: | USN-1807-2 -- mysql-5.5 vulnerabilities | ||
Description: | Several security issues were fixed in MySQL. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1807-2 CVE-2012-0553 CVE-2013-1492 CVE-2013-1502 CVE-2013-1506 CVE-2013-1511 CVE-2013-1512 CVE-2013-1521 CVE-2013-1523 CVE-2013-1526 CVE-2013-1532 CVE-2013-1544 CVE-2013-1552 CVE-2013-1555 CVE-2013-1623 CVE-2013-2375 CVE-2013-2376 CVE-2013-2378 CVE-2013-2389 CVE-2013-2391 CVE-2013-2392 | Version: | 7 |
Platform(s): | Ubuntu 13.04 | Product(s): | mysql-5.5 |
Definition Id: oval:org.mitre.oval:def:18467 | |||
Oval ID: | oval:org.mitre.oval:def:18467 | ||
Title: | DSA-2667-1 mysql-5.5 - several | ||
Description: | Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.31, which includes additional changes, such as performance improvements and corrections for data loss defects. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2667-1 CVE-2013-1502 CVE-2013-1511 CVE-2013-1532 CVE-2013-1544 CVE-2013-2375 CVE-2013-2376 CVE-2013-2389 CVE-2013-2391 CVE-2013-2392 | Version: | 8 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | mysql-5.5 |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
MySQL FILE privilege elevation | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-07 | Name : MySQL Authentication Error Message User Enumeration Vulnerability File : nvt/gb_oracle_mysql_old_auth_user_enum_vuln.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2020-01-14 | MySQL/MariaDB Server geometry query envelope object integer overflow attempt RuleID : 52423 - Revision : 1 - Type : SERVER-MYSQL |
2017-11-30 | MySQL/MariaDB Server geometry query integer overflow attempt RuleID : 44674 - Revision : 2 - Type : SERVER-MYSQL |
2015-03-31 | MySQL/MariaDB Server geometry query object integer overflow attempt RuleID : 33637 - Revision : 4 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt RuleID : 26313 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query multistring object integer overflow attempt RuleID : 26312 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query polygon object integer overflow attempt RuleID : 26311 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query linestring object integer overflow attempt RuleID : 26310 - Revision : 6 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt RuleID : 26309 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query multistring object integer overflow attempt RuleID : 26308 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query polygon object integer overflow attempt RuleID : 26307 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query linestring object integer overflow attempt RuleID : 26306 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt RuleID : 26305 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query multistring object integer overflow attempt RuleID : 26304 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query polygon object integer overflow attempt RuleID : 26303 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query linestring object integer overflow attempt RuleID : 26302 - Revision : 5 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt RuleID : 26301 - Revision : 6 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query multistring object integer overflow attempt RuleID : 26300 - Revision : 6 - Type : SERVER-MYSQL |
2014-01-10 | MySQL/MariaDB Server geometry query polygon object integer overflow attempt RuleID : 26299 - Revision : 6 - Type : SERVER-MYSQL |
2014-01-10 | Oracle MySQL user enumeration attempt RuleID : 24908 - Revision : 7 - Type : SERVER-MYSQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-150302.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-091.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_mysql_20130924.nasl - Type : ACT_GATHER_INFO |
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10627.nasl - Type : ACT_GATHER_INFO |
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10601.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-14791.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
2014-10-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3054.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2384-1.nasl - Type : ACT_GATHER_INFO |
2014-09-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_20.nasl - Type : ACT_GATHER_INFO |
2014-09-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_39.nasl - Type : ACT_GATHER_INFO |
2014-09-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201409-04.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-6.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-4.nasl - Type : ACT_GATHER_INFO |
2014-02-06 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_5_32.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2818.nasl - Type : ACT_GATHER_INFO |
2013-11-27 | Name : The remote database server may be affected by a security bypass vulnerability. File : mysql_com_change_user_bruteforce_weakness.nasl - Type : ACT_GATHER_INFO |
2013-10-08 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-130926.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-187.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-186.nasl - Type : ACT_GATHER_INFO |
2013-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO |
2013-08-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-130815.nasl - Type : ACT_GATHER_INFO |
2013-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1909-1.nasl - Type : ACT_GATHER_INFO |
2013-07-17 | Name : The remote database server may be affected by multiple vulnerabilities. File : mysql_5_1_70.nasl - Type : ACT_GATHER_INFO |
2013-07-17 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_12.nasl - Type : ACT_GATHER_INFO |
2013-07-17 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_32.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0772.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-10020.nasl - Type : ACT_GATHER_INFO |
2013-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2667.nasl - Type : ACT_GATHER_INFO |
2013-04-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0772.nasl - Type : ACT_GATHER_INFO |
2013-04-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0772.nasl - Type : ACT_GATHER_INFO |
2013-04-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1807-2.nasl - Type : ACT_GATHER_INFO |
2013-04-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130425_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-04-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1807-1.nasl - Type : ACT_GATHER_INFO |
2013-04-22 | Name : The remote database server may be affected by multiple vulnerabilities. File : mysql_5_5_31.nasl - Type : ACT_GATHER_INFO |
2013-04-22 | Name : The remote database server may be affected by multiple vulnerabilities. File : mysql_5_6_11.nasl - Type : ACT_GATHER_INFO |
2013-04-22 | Name : The remote database server may be affected by multiple vulnerabilities. File : mysql_5_1_69.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-102.nasl - Type : ACT_GATHER_INFO |
2013-03-29 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_5_30.nasl - Type : ACT_GATHER_INFO |
2013-03-29 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_5_28.nasl - Type : ACT_GATHER_INFO |
2013-03-29 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_68.nasl - Type : ACT_GATHER_INFO |
2013-03-29 | Name : The remote database server is affected by a buffer overflow vulnerability. File : mysql_5_5_30.nasl - Type : ACT_GATHER_INFO |
2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_5_29.nasl - Type : ACT_GATHER_INFO |
2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_3_12.nasl - Type : ACT_GATHER_INFO |
2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_2_14.nasl - Type : ACT_GATHER_INFO |
2013-02-28 | Name : The remote database server is affected by multiple vulnerabilities. File : mariadb_5_1_67.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-121227.nasl - Type : ACT_GATHER_INFO |
2013-02-08 | Name : The database server running on the remote host is affected by multiple SQL in... File : mariadb_binary_log_sqli.nasl - Type : ACT_GATHER_INFO |
2013-02-08 | Name : The database server running on the remote host has multiple SQL injection vul... File : mysql_binary_log_sqli.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8c773d7f6cbb11e2b242c8600054b392.nasl - Type : ACT_GATHER_INFO |
2013-01-28 | Name : The remote database server has an information disclosure vulnerability. File : mysql_user_enumeration.nasl - Type : ACT_GATHER_INFO |
2012-10-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_28.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:01:52 | |
2013-10-01 21:23:31 | |
2013-05-11 00:55:33 | |
2013-04-25 05:18:37 | |