Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Oracle MySQL 5.7.x < 5.7.10 Multiple Vulnerabilities

High

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The version of MySQL installed on the remote host is version 5.7.x prior to 5.7.10 and is affected by multiple issues :

- A flaw exists that is triggered when repeatedly executing a prepared statement when the default database has been changed. This may allow an authenticated attacker to cause a server exit. (OSVDB 131599) - A use-after-free error exists that is triggered when reevaluating generated column expressions. This may allow an authenticated attacker to dereference already freed memory and cause a server exit. (OSVDB 131600) - A flaw exists that is triggered when selecting DECIMAL values into user-defined variables. This may allow an authenticated attacker to cause a server exit. (OSVDB 131601) - An unspecified use-after-free error exists in spatial functions. This may allow an authenticated attacker to dereference already freed memory and cause a denial of service. (OSVDB 131602) - A flaw exists in InnoDB that is triggered when converting a table to an InnoDB file-per-table tablespace with an ALTER TABLE operation. This may fail to check for destination files with the same name, resulting in a file overwrite. This may allow an authenticated attacker to cause a denial of service. (OSVDB 131603) - A NULL pointer dereference flaw exists in InnoDB that is triggered when the return value of an unspecified function call used in a DROP TABLE operation is not properly checked. This may allow an authenticated attacker to cause a denial of service. (OSVDB 131604) - A flaw exists in the 'row_quiesce_table_start()' function in InnoDB that is triggered when running a 'FLUSH TABLE ... FOR EXPORT' operation on a partitioned table with partitions residing in a system or general tablespace. This may allow an authenticated attacker to cause a denial of service. (OSVDB 131605) - A flaw exists in InnoDB that is triggered when handling 'ALTER TABLE ... DISCARD TABLESPACE' operations. This may allow an authenticated attacker to cause a denial of service. (OSVDB 131606) - A flaw exists in InnoDB that is triggered when handling TRUNCATE TABLE operations on tables with full-text indexes. This may allow an authenticated attacker to cause a denial of service. (OSVDB 131607) - A flaw exists in InnoDB that is triggered when handling 'SELECT ... FOR UPDATE' operations on tables that only contain virtual columns and virtual column indexes. This may allow an authenticated attacker to cause a denial of service. (OSVDB 131608) - A flaw exists in InnoDB that is triggered when handling in-place operations that rebuild tables with multiple indexed virtual columns. This may allow an authenticated attacker to cause a denial of service. (OSVDB 131609) - A flaw exists that is triggered when updating views using ALL comparison operators on subqueries that select from indexed columns in the main table. This may allow an authenticated attacker to cause the server to exit. (OSVDB 131610) - A flaw exists in InnoDB that is triggered when handling online ALTER TABLE operations. This may allow an authenticated attacker to cause the server to exit. (OSVDB 131611) - An overflow condition exists in 'strcpy()' and 'sprintf()'. The issue is triggered as user-supplied input is not properly validated. This may allow an authenticated attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 131612) - A flaw exists that is triggered when selecting DECIMAL values into user-defined variables. This may allow an authenticated attacker to cause the server to exit. (OSVDB 131613) - A flaw exists that is triggered when handling concurrent FLUSH PRIVILEGES and REVOKE or GRANT statements. This may allow an authenticated attacker to cause the server to exit by triggering an invalid memory access to proxy user information. (OSVDB 131614) - A flaw exists that is triggered on the second execution of a prepared statement where an ORDER BY clause references a column position. This may allow an authenticated attacker to cause the server to exit. (OSVDB 131615)

Solution

Upgrade to MySQL 5.7.10 or later.