Oracle MySQL 5.5.x < 5.5.45 / 5.6.x < 5.6.26 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 9235

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The version of MySQL installed on the remote host is 5.5.x prior to 5.5.45 or 5.6.x prior to 5.6.26 and is affected by multiple issues:

- An overflow condition exists in mysqlslap that is triggered because user-supplied input is not properly validated when parsing options. This may allow an attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
- A flaw exists that is triggered when handling 'CHAR(0) NOT NULL' column operations. This may allow an attacker to cause the server to exit.
- A use-after-free error exists in the Enterprise Firewall and Binary Logging components. The issue is triggered when both of these are enabled. This may allow an attacker to dereference already freed memory and potentially execute arbitrary code.
- An off-by-one overflow condition exists in the string-copying functionality. The issue is triggered because user-supplied input is not properly validated. This may allow an attacker to cause a limited buffer overflow, resulting in a denial of service or potentially the execution of arbitrary code.

Solution

Upgrade to MySQL 5.6.26 or later. If 5.6.x cannot be obtained, version 5.5.45 is also patched for these issues.

See Also

http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html

http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html

Plugin Details

Severity: Critical

ID: 9235

Family: Database

Published: 2016/04/15

Modified: 2018/09/16

Dependencies: 8914

Nessus ID: 85223

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:mysql

Patch Publication Date: 2015/07/24

Vulnerability Publication Date: 2015/07/24