CVE-2013-2391

LOW

Description

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

References

http://rhn.redhat.com/errata/RHSA-2013-0772.html

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Details

Source: MITRE

Published: 2013-04-17

Updated: 2019-12-17

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 3

Vector: AV:L/AC:M/Au:S/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 2.7

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.23:a:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.31:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.33:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.34:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.35:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.36:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.37:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.38:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.39:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.40:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.40:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.41:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.42:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.43:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.43:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.44:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.45:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.46:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.46:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.47:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.48:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.49:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.49:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.50:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.62:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.63:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.64:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.65:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.66:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.67:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.1.68 (inclusive)

Configuration 2

OR

cpe:2.3:a:oracle:mysql:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.25:a:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.5.30 (inclusive)

Configuration 3

OR

cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to 5.6.10 (inclusive)

Tenable Plugins

View all (20 total)

ID	Name	Product	Family	Severity
80195	Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627)	Nessus	Junos Local Security Checks	critical
69746	Amazon Linux AMI : mysql55 (ALAS-2013-187)	Nessus	Amazon Linux Local Security Checks	medium
69745	Amazon Linux AMI : mysql51 (ALAS-2013-186)	Nessus	Amazon Linux Local Security Checks	medium
69508	GLSA-201308-06 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
68817	Oracle Linux 6 : mysql (ELSA-2013-0772)	Nessus	Oracle Linux Local Security Checks	medium
66384	Debian DSA-2667-1 : mysql-5.5 - several vulnerabilities	Nessus	Debian Local Security Checks	medium
66257	CentOS 6 : mysql (CESA-2013:0772)	Nessus	CentOS Local Security Checks	medium
66231	Ubuntu 13.04 : mysql-5.5 vulnerabilities (USN-1807-2)	Nessus	Ubuntu Local Security Checks	high
66229	Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20130425)	Nessus	Scientific Linux Local Security Checks	medium
66225	RHEL 6 : mysql (RHSA-2013:0772)	Nessus	Red Hat Local Security Checks	medium
66215	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-1807-1)	Nessus	Ubuntu Local Security Checks	high
801160	MySQL Server 5.6.x < 5.6.11 Multiple Vulnerabilities	Log Correlation Engine	Database	medium
801139	MySQL Server 5.5.x < 5.5.31 Multiple Vulnerabilities	Log Correlation Engine	Database	medium
801127	MySQL Server 5.1.x < 5.1.69 Multiple Vulnerabilities	Log Correlation Engine	Database	medium
66179	MySQL 5.6.x < 5.6.11 Multiple Vulnerabilities	Nessus	Databases	medium
66178	MySQL 5.5 < 5.5.31 Multiple Vulnerabilities	Nessus	Databases	medium
66177	MySQL 5.1 < 5.1.69 Multiple Vulnerabilities	Nessus	Databases	medium
6768	Oracle MySQL Server 5.6.x < 5.6.11 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
6767	Oracle MySQL Server 5.5.x < 5.5.31 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
6765	Oracle MySQL Server 5.1.x < 5.1.69 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium