
Oracle MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The version of MySQL installed on the remote host is 5.6.x prior to 5.6.30 and is affected by multiple issues:

- A flaw exists related to certificate validation. The issue is due to the server hostname not being verified to match a domain name in the X.509 certificate. By spoofing the TLS/SSL server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. Man-in-the-Middle, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (OSVDB 137150)

- An integer overflow condition exists that is triggered as user-supplied input is not properly validated when handling client handshake processing. This may allow an authenticated attacker to cause the server to exit. (OSVDB 137151)

- A flaw exists that is due to overly verbose error messages returning part of the SQL statement that produced them. This may allow an authenticated attacker to gain access to potentially sensitive information. (OSVDB 137152)
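The first issue above is a missing hostname check: a TLS client that does not compare the host it connected to against the dNSName (or CN) entries of the server certificate will accept any certificate that chains to a trusted CA. The routine below shows what that check looks like; it is an added example, not MySQL code, and the certificates in it are constructed dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
"""Hostname verification of the kind the advisory says the affected
client omitted: the TLS server's X.509 certificate must carry a dNSName
(or, failing that, a CN) that matches the host the client connected to.
Added example, not MySQL code; the certificates below are constructed
dicts in the shape returned by ssl.SSLSocket.getpeercert()."""
import ipaddress

def _label_match(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: a single '*' may stand for exactly one
    leftmost label and never matches across dots or an empty label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False  # refuse '*' or '*.com' style wildcards
    first, rest = p_labels[0], p_labels[1:]
    if first != "*" or h_labels[1:] != rest:
        return False
    return h_labels[0] != ""

def hostname_matches_cert(cert: dict, hostname: str) -> bool:
    """Return True only if hostname is covered by the certificate.
    Prefer subjectAltName; use the subject CN only when no dNSName SAN
    exists (legacy behaviour). IP literals must match an iPAddress SAN."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        return any(_label_match(n, hostname) for n in dns_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _label_match(value, hostname)
    return False

# Constructed sample certificates (not taken from any real deployment).
GOOD_CERT = {"subject": ((("commonName", "db.example.test"),),),
             "subjectAltName": (("DNS", "db.example.test"), ("DNS", "*.db.example.test"))}
# A chain-valid certificate issued for a different host: the flaw in the
# advisory is that the vulnerable client would accept this one as well.
MISMATCHED_CERT = {"subject": ((("commonName", "other.example.test"),),),
                   "subjectAltName": (("DNS", "other.example.test"),)}
```

A client that applies `hostname_matches_cert` after the chain check rejects `MISMATCHED_CERT` for `db.example.test`, which is exactly the decision the affected versions skipped.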

Solution

Upgrade to MySQL 5.6.30 or later.