MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MySQL running on the remote host is 5.6.x prior to
5.6.27. It is, therefore, potentially affected by the following
vulnerabilities :

- A certificate validation bypass vulnerability exists in
the Security:Encryption subcomponent due to a flaw in
the X509_verify_cert() function in x509_vfy.c that is
triggered when locating alternate certificate chains
when the first attempt to build such a chain fails. A
remote attacker can exploit this, by using a valid leaf
certificate as a certificate authority (CA), to issue
invalid certificates that will bypass authentication.
(CVE-2015-1793)

- An unspecified flaw exists in the Client Programs
subcomponent. A local attacker can exploit this to gain
elevated privileges. (CVE-2015-4819)

- An unspecified flaw exists in the Types subcomponent.
An authenticated, remote attacker can exploit this to
gain access to sensitive information. (CVE-2015-4826)

- Unspecified flaws exist in the Security:Privileges
subcomponent. An authenticated, remote attacker can
exploit these to impact integrity. (CVE-2015-4830,
CVE-2015-4864)

- An unspecified flaw exists in the DLM subcomponent.
An authenticated, remote attacker can exploit this to
impact integrity. (CVE-2015-4879)

- An unspecified flaw exists in the Server Security
Encryption subcomponent that allows an authenticated,
remote attacker to disclose sensitive information.
(CVE-2015-7744)

Additionally, unspecified denial of service vulnerabilities can
exist in the following MySQL subcomponents :

- DDL (CVE-2015-4815)

- DML (CVE-2015-4858, CVE-2015-4862, CVE-2015-4905,
CVE-2015-4913)

- InnoDB (CVE-2015-4861, CVE-2015-4866, CVE-2015-4895)

- libmysqld (CVE-2015-4904)

- Memcached (CVE-2015-4910)

- Optimizer (CVE-2015-4800)

- Parser (CVE-2015-4870)

- Partition (CVE-2015-4792, CVE-2015-4802, CVE-2015-4833)

- Query (CVE-2015-4807)

- Replication (CVE-2015-4890)

- Security : Firewall (CVE-2015-4766)

- Server : General (CVE-2016-0605)

- Security : Privileges (CVE-2015-4791)

- SP (CVE-2015-4836)

- Types (CVE-2015-4730)

See also :

http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html
http://www.nessus.org/u?75a4a4fb
http://www.nessus.org/u?66027465

Solution :

Upgrade to MySQL version 5.6.27 or later as referenced in the October
2015 Oracle Critical Patch Update advisory.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false