FreeBSD : MySQL -- Multiple vulnerabilities (56ba4513-a1be-11eb-9072-d4c9ef517024)

high Nessus Plugin ID 148869

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Oracle reports :

This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8.

MariaDB is affected by CVE-2021-2166 and CVE-2021-2154 only

Solution

Update the affected packages.

See Also

https://www.oracle.com/security-alerts/cpuapr2021.html

https://mariadb.com/kb/en/mariadb-10510-release-notes/

http://www.nessus.org/u?749306cb

Plugin Details

Severity: High

ID: 148869

File Name: freebsd_pkg_56ba4513a1be11eb9072d4c9ef517024.nasl

Version: 1.5

Type: local

Published: 4/21/2021

Updated: 1/3/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2021-2144

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mysql56-server, p-cpe:/a:freebsd:freebsd:mariadb103-server, p-cpe:/a:freebsd:freebsd:mariadb104-server, p-cpe:/a:freebsd:freebsd:mysql80-server, p-cpe:/a:freebsd:freebsd:mysql57-server, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:mariadb105-server

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2021

Vulnerability Publication Date: 4/20/2021

Reference Information

CVE: CVE-2020-1971, CVE-2020-28196, CVE-2020-8277, CVE-2021-2144, CVE-2021-2146, CVE-2021-2154, CVE-2021-2160, CVE-2021-2162, CVE-2021-2164, CVE-2021-2166, CVE-2021-2169, CVE-2021-2170, CVE-2021-2171, CVE-2021-2172, CVE-2021-2174, CVE-2021-2178, CVE-2021-2179, CVE-2021-2180, CVE-2021-2193, CVE-2021-2194, CVE-2021-2196, CVE-2021-2201, CVE-2021-2202, CVE-2021-2203, CVE-2021-2208, CVE-2021-2212, CVE-2021-2213, CVE-2021-2215, CVE-2021-2217, CVE-2021-2226, CVE-2021-2230, CVE-2021-2232, CVE-2021-2278, CVE-2021-2293, CVE-2021-2298, CVE-2021-2299, CVE-2021-2300, CVE-2021-2301, CVE-2021-2304, CVE-2021-2305, CVE-2021-2307, CVE-2021-2308, CVE-2021-23841, CVE-2021-3449