FreeBSD : MySQL -- multiple vulnerabilities (57aec168-453e-11e8-8777-b499baebfeaf)

Medium Nessus Plugin ID 109228

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Oracle reports:

MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges

- A local user can exploit a flaw in the Replication component to gain elevated privileges [CVE-2018-2755].

- A remote authenticated user can exploit a flaw in the GIS Extension component to cause denial of service conditions [CVE-2018-2805].

- A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2782, CVE-2018-2784, CVE-2018-2819].

- A remote authenticated user can exploit a flaw in the Security Privileges component to cause denial of service conditions [CVE-2018-2758, CVE-2018-2818].

- A remote authenticated user can exploit a flaw in the DDL component to cause denial of service conditions [CVE-2018-2817].

- A remote authenticated user can exploit a flaw in the Optimizer component to cause denial of service conditions [CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2816].

- A remote user can exploit a flaw in the Client programs component to cause denial of service conditions [CVE-2018-2761, CVE-2018-2773].

- A remote authenticated user can exploit a flaw in the InnoDB component to partially modify data and cause denial of service conditions [CVE-2018-2786, CVE-2018-2787].

- A remote authenticated user can exploit a flaw in the Optimizer component to partially modify data and cause denial of service conditions [CVE-2018-2812].

- A local user can exploit a flaw in the Cluster ndbcluster/plugin component to cause denial of service conditions [CVE-2018-2877].

- A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].

- A remote authenticated user can exploit a flaw in the DML component to cause denial of service conditions [CVE-2018-2839].

- A remote authenticated user can exploit a flaw in the Performance Schema component to cause denial of service conditions [CVE-2018-2846].

- A remote authenticated user can exploit a flaw in the Pluggable Auth component to cause denial of service conditions [CVE-2018-2769].

- A remote authenticated user can exploit a flaw in the Group Replication GCS component to cause denial of service conditions [CVE-2018-2776].

- A local user can exploit a flaw in the Connection component to cause denial of service conditions [CVE-2018-2762].

- A remote authenticated user can exploit a flaw in the Locking component to cause denial of service conditions [CVE-2018-2771].

- A remote authenticated user can exploit a flaw in the DDL component to partially access data [CVE-2018-2813].

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?76507bf8

http://www.nessus.org/u?2312f6f4

Plugin Details

Severity: Medium

ID: 109228

File Name: freebsd_pkg_57aec168453e11e88777b499baebfeaf.nasl

Version: 1.4

Type: local

Published: 2018/04/23

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS v3.0

Base Score: 7.7

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mariadb100-server, p-cpe:/a:freebsd:freebsd:mariadb101-server, p-cpe:/a:freebsd:freebsd:mariadb102-server, p-cpe:/a:freebsd:freebsd:mariadb55-server, p-cpe:/a:freebsd:freebsd:mysql55-server, p-cpe:/a:freebsd:freebsd:mysql56-server, p-cpe:/a:freebsd:freebsd:mysql57-server, p-cpe:/a:freebsd:freebsd:percona55-server, p-cpe:/a:freebsd:freebsd:percona56-server, p-cpe:/a:freebsd:freebsd:percona57-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2018/04/21

Vulnerability Publication Date: 2018/04/17

Reference Information

CVE: CVE-2018-2755, CVE-2018-2758, CVE-2018-2759, CVE-2018-2761, CVE-2018-2762, CVE-2018-2766, CVE-2018-2769, CVE-2018-2771, CVE-2018-2773, CVE-2018-2775, CVE-2018-2776, CVE-2018-2777, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2805, CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, CVE-2018-2816, CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839, CVE-2018-2846, CVE-2018-2877