Check: 454.389
MySQL EE 5.7: 454.389 (in version v2 r1)
Title
When updates are applied to the MySQL Server, any software components that have been replaced or made unnecessary must be removed. (Cat I impact)
Discussion
Previous versions of DBMS components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some DBMSs' installation tools may remove older versions of software automatically from the information system. In other cases, manual review and removal will be required. In planning installations and upgrades, organizations must include steps (automated, manual, or both) to identify and remove the outdated modules. A transition period may be necessary when both the old and the new software are required. This should be taken into account in the planning.
Check Content
If software components that have been replaced or made unnecessary are not removed, this is a finding.
mysql> SELECT * FROM mysql.component;
Fix Text
Identify and remove software components that are no longer necessary.
Additional Identifiers
Rule ID:
Vulnerability ID: V-58175
Group Title:
CCIs
Number | Definition |
---|---|
CCI-002617 | The organization removes organization-defined software components (e.g., previous versions) after updated versions have been installed. |
Controls
Number | Title |
---|---|
SI-2 (6) | Removal Of Previous Versions Of Software / Firmware |