Oracle MySQL 5.5.x < 5.5.47 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9253

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The version of MySQL installed on the remote host is 5.5.x prior to 5.5.47 and is affected by multiple issues:

- A flaw exists that is triggered when repeatedly executing a prepared statement when the default database has been changed. This may allow an authenticated attacker to cause a server exit.
- A flaw exists that is triggered when updating views using ALL comparison operators on subqueries that select from indexed columns in the main table. This may allow an authenticated attacker to cause the server to exit.
- An overflow condition exists in 'strcpy()' and 'sprintf()'. The issue is triggered as user-supplied input is not properly validated. This may allow an authenticated attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
- A flaw exists that is triggered when handling concurrent FLUSH PRIVILEGES and REVOKE or GRANT statements. This may allow an authenticated attacker to cause the server to exit by triggering an invalid memory access to proxy user information.
- A flaw exists that is triggered on the second execution of a prepared statement where an ORDER BY clause references a column position. This may allow an authenticated attacker to cause the server to exit.
- An unspecified flaw exists related to the Client subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-0546)
- An unspecified flaw exists related to the Server:Security:Encryption subcomponent. This may allow an authenticated attacker to have an unspecified impact on integrity. No further details have been provided by the vendor. (CVE-2016-0606)

Additionally, multiple unspecified flaws exist related to the following subcomponents:
- Server:Options
- Server:DML
- Server:Optimizer
- Server:Optimizer
- Server:DML
- Server:InnoDB
- Server:UDF
- Server:Security:Privileges

These flaws may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.

An unspecified flaw related to the Optimizer subcomponent may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.

Solution

Upgrade MySQL 5.5.x to version 5.5.47 or later.

See Also

http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html

Plugin Details

Severity: High

ID: 9253

Family: Database

Published: 4/15/2016

Updated: 3/6/2019

Nessus ID: 87419

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:mysql

Patch Publication Date: 12/7/2015

Vulnerability Publication Date: 1/19/2016

Reference Information

CVE: CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0651