MySQL 5.5.x < 5.5.46 Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL running on the remote host is 5.5.x prior to
5.5.46. It is, therefore, affected by the following vulnerabilities :

- An unspecified flaw exists in the Client Programs
subcomponent. A local attacker can exploit this to gain
elevated privileges. (CVE-2015-4819)

- An unspecified flaw exists in the Types subcomponent.
An authenticated, remote attacker can exploit this to
gain access to sensitive information. (CVE-2015-4826)

- Unspecified flaws exist in the Security:Privileges
subcomponent. An authenticated, remote attacker can
exploit these to impact integrity. (CVE-2015-4830,
CVE-2015-4864)

- An unspecified flaw exists in the DLM subcomponent.
An authenticated, remote attacker can exploit this to
impact integrity. (CVE-2015-4879)

- An unspecified flaw exists in the Server Security
Encryption subcomponent that allows an authenticated,
remote attacker to disclose sensitive information.
(CVE-2015-7744)

Additionally, unspecified denial of service vulnerabilities can also
exist in the following MySQL subcomponents :

- DDL (CVE-2015-4815)

- DML (CVE-2015-4858, CVE-2015-4913)

- InnoDB (CVE-2015-4816, CVE-2015-4861)

- Parser (CVE-2015-4870)

- Partition (CVE-2015-4792, CVE-2015-4802)

- Query (CVE-2015-4807)

- SP (CVE-2015-4836)

See also :

http://www.nessus.org/u?ac187e77
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html
http://www.nessus.org/u?75a4a4fb
http://www.nessus.org/u?66027465

Solution :

Upgrade to MySQL version 5.5.46 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
