Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Oracle MySQL 5.6.x < 5.6.25 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The version of MySQL installed on the remote host is version 5.6.x prior to 5.6.25 and is affected by multiple issues :

- An unspecified vulnerability exists related to the Security:Firewall subcomponent that can be exploited by an authenticated, remote attacker to have an impact on the integrity of the system. (CVE-2015-2639) - A denial of service (DoS) vulnerability exists in the Client subcomponent which can be exploited by a local attacker. (CVE-2015-2661) - An unspecified flaw exists in the Security:Privileges subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4864)

Additionally, multiple unspecified DoS vulnerabilities exist in the following subcomponents which can be exploited by a remote, authenticated attacker : - Partition (CVE-2015-2617) - DML (CVE-2015-2648, CVE-2015-2611) - GIS (CVE-2015-2582) - I_S (CVE-2015-4752) - Optimizer (CVE-2015-2643) - Partition (CVE-2015-4772) - Memcached (CVE-2015-4761) - RBR (CVE-2015-4771) - Security:Firewall (CVE-2015-4769, CVE-2015-4767) - Security:Privileges (CVE-2015-2641)

Solution

Upgrade to MySQL 5.6.25 or later.