RHEL 6 : mysql (RHSA-2012:1462)

critical Nessus Plugin ID 62923

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for mysql.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1462 advisory.

- mysql: unspecified vulnerability related to GIS extension DoS (CPU Jul 2012) (CVE-2012-0540)

- mysql: unspecified DoS vulnerability related to DML (CPU Apr 2012) (CVE-2012-1688)

- mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jul 2012) (CVE-2012-1689, CVE-2012-1734)

- mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Apr 2012) (CVE-2012-1690, CVE-2012-1703)

- mysql: incorrect type cast in check_scramble() leading to authentication bypass (CVE-2012-2122)

- mysql: crash caused by wrong calculation of key length for sort order index (CVE-2012-2749)

- mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Oct 2012) (CVE-2012-3150, CVE-2012-3180)

- mysql: unspecified vulnerability related to the MySQL Protocol (CPU Oct 2012) (CVE-2012-3158)

- mysql: unspecified vulnerability in Server Installation leading to information disclosure (CPU Oct 2012) (CVE-2012-3160)

- mysql: unspecified vulnerability related to Information Schema (CPU Oct 2012) (CVE-2012-3163)

- mysql: unspecified DoS vulnerability related to InnoDB (CPU Oct 2012) (CVE-2012-3166)

- mysql: unspecified DoS vulnerability related to Server Full Text Search (CPU Oct 2012) (CVE-2012-3167)

- mysql: unspecified DoS vulnerability related to InnoDB Plugin (CPU Oct 2012) (CVE-2012-3173)

- mysql: unspecified Server DoS vulnerability (CPU Oct 2012) (CVE-2012-3177)

- mysql: unspecified DoS vulnerability related to Server Replication (CPU Oct 2012) (CVE-2012-3197)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL mysql package based on the guidance in RHSA-2012:1462.

Plugin Details

Severity: Critical

ID: 62923

File Name: redhat-RHSA-2012-1462.nasl

Version: 1.24

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 11/15/2012

Updated: 4/21/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2012-3163

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2012-3173

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mysql-devel, p-cpe:/a:redhat:enterprise_linux:mysql, p-cpe:/a:redhat:enterprise_linux:mysql-server, p-cpe:/a:redhat:enterprise_linux:mysql-bench, p-cpe:/a:redhat:enterprise_linux:mysql-test, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:mysql-embedded-devel, p-cpe:/a:redhat:enterprise_linux:mysql-embedded, p-cpe:/a:redhat:enterprise_linux:mysql-libs

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/14/2012

Vulnerability Publication Date: 5/3/2012

Reference Information

CVE: CVE-2012-0540, CVE-2012-1688, CVE-2012-1689, CVE-2012-1690, CVE-2012-1703, CVE-2012-1734, CVE-2012-2122, CVE-2012-2749, CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197

BID: 53058, 53067, 53074, 54540, 54547, 54551, 55120, 55990, 56003, 56005, 56017, 56018, 56021, 56027, 56028, 56036, 56041

CWE: 305

RHSA: 2012:1462

Detections

Analytics