Oracle MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9615

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The version of MySQL installed on the remote host is 5.7.x prior to 5.7.12 and is affected by multiple issues:

- A flaw exists related to certificate validation. The issue is due to the server hostname not being verified to match a domain name in the X.509 certificate. By spoofing the TLS/SSL server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
- An integer overflow condition exists that is triggered because user-supplied input is not properly validated during client handshake processing. This may allow an authenticated attacker to cause the server to exit.
- A flaw exists that is due to overly verbose error messages returning part of the SQL statement that produced them. This may allow an authenticated attacker to gain access to potentially sensitive information.
- A flaw exists in InnoDB that is triggered during the handling of an 'ALTER TABLE' or 'ADD COLUMN' operation on a table with virtual columns. This may allow an authenticated attacker to crash the server.

Solution

Upgrade to MySQL 5.7.12 or later.

See Also

http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-12.html

Plugin Details

Severity: Medium

ID: 9615

Family: Database

Published: 9/30/2016

Updated: 3/6/2019

Nessus ID: 90684

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:mysql

Patch Publication Date: 4/11/2016

Vulnerability Publication Date: 4/11/2016

Reference Information

CVE: CVE-2016-2047