
Oracle MySQL 5.5.x < 5.5.45 / 5.6.x < 5.6.26 Multiple Vulnerabilities

Critical

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The version of MySQL installed on the remote host is 5.5.x prior to 5.5.45 or 5.6.x prior to 5.6.26 and is affected by multiple issues:

- An overflow condition exists in mysqlslap that is triggered as user-supplied input is not properly validated when parsing options. This may allow an attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 125441)
- A flaw exists that is triggered when handling 'CHAR(0) NOT NULL' column operations. This may allow an attacker to cause the server to exit. (OSVDB 125442)
- A use-after-free error exists in the Enterprise Firewall and Binary Logging components. The issue is triggered when both of these are enabled. This may allow an attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 125443)
- An off-by-one overflow condition exists in the string-copying functionality. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a limited buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 125444)

Solution

Upgrade to MySQL 5.6.26 or later. If 5.6.x cannot be obtained, version 5.5.45 is also patched for these issues.
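
The affected ranges above can be checked across an inventory of version strings (as returned by `SELECT VERSION()` or seen in the server handshake banner). The following is an added example, not part of the original advisory or any scanner's plugin code; the host names and inventory are constructed, and treating MariaDB builds as out of scope is an assumption based on the advisory naming Oracle MySQL only.

```python
import re

# Fixed patch level per affected branch, taken from the advisory text.
FIXED = {(5, 5): 45, (5, 6): 26}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Return 'affected', 'patched', 'out-of-scope' or 'unparseable'."""
    s = version_string.strip()
    # Assumption: MariaDB is a separate product not covered by this advisory.
    # MariaDB 10.x banners can start with "5.5.5-", so check this first.
    if "mariadb" in s.lower():
        return "out-of-scope"
    m = _VERSION_RE.match(s)
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "out-of-scope"  # branch not named in the advisory
    # Compare numerically: as strings, "5.5.9" would sort after "5.5.45".
    return "affected" if patch < fixed else "patched"


def triage(inventory):
    """Return the sorted host names whose version string is in an affected range."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed sample inventory (host -> reported version string).
SAMPLE_INVENTORY = {
    "db-01": "5.5.44-0ubuntu0.14.04.1",
    "db-02": "5.5.45",
    "db-03": "5.6.25-log",
    "db-04": "5.6.26-enterprise-commercial-advanced",
    "db-05": "5.5.5-10.1.22-MariaDB",
    "db-06": "5.5.9",
    "db-07": "5.7.9",
}

if __name__ == "__main__":
    # Note: this inspects version strings only. A distribution package may
    # carry backported fixes without changing the upstream version number.
    for host, version in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host}\t{version}\t{classify(version)}")
```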