FreeBSD : MySQL -- Multiple vulnerabilities (38a4a043-e937-11eb-9b84-d4c9ef517024)

high Nessus Plugin ID 151899

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Oracle reports:

This Critical Patch Update contains 41 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 8.8.

MariaDB is affected by CVE-2021-2372 and CVE-2021-2389 only.

Solution

Update the affected packages.

See Also

https://www.oracle.com/security-alerts/cpujul2021.html

http://www.nessus.org/u?953cbc62

Plugin Details

Severity: High

ID: 151899

File Name: freebsd_pkg_38a4a043e93711eb9b84d4c9ef517024.nasl

Version: 1.4

Type: local

Published: 7/21/2021

Updated: 5/9/2022

Risk Information

CVSS Score Source: CVE-2021-2417

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: High

Base Score: 8

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mariadb103-server, p-cpe:/a:freebsd:freebsd:mariadb104-server, p-cpe:/a:freebsd:freebsd:mariadb105-server, p-cpe:/a:freebsd:freebsd:mysql57-server, p-cpe:/a:freebsd:freebsd:mysql80-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 7/20/2021

Vulnerability Publication Date: 7/20/2021

Reference Information

CVE: CVE-2019-17543, CVE-2021-2339, CVE-2021-2340, CVE-2021-2342, CVE-2021-2352, CVE-2021-2354, CVE-2021-2356, CVE-2021-2357, CVE-2021-2367, CVE-2021-2370, CVE-2021-2372, CVE-2021-2374, CVE-2021-2383, CVE-2021-2384, CVE-2021-2385, CVE-2021-2387, CVE-2021-2389, CVE-2021-2390, CVE-2021-2399, CVE-2021-2402, CVE-2021-2410, CVE-2021-2411, CVE-2021-2412, CVE-2021-2417, CVE-2021-2418, CVE-2021-2422, CVE-2021-2424, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2429, CVE-2021-2437, CVE-2021-2440, CVE-2021-2441, CVE-2021-2444, CVE-2021-3450, CVE-2021-22884, CVE-2021-22901