Input validation error in Oracle MySQL Server

1) Input validation error

EUVDB-ID: #VU33838

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2014-4260

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote #AU# to manipulate or delete data.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

Mitigation

Install update from vendor's website.

Vulnerable software versions

MySQL Server: 5.5.0 - 5.6.16

CPE2.3

• cpe:2.3:a:oracle:mysql_server:5.5.36:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:mysql_server:5.6.16:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html
https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
https://seclists.org/fulldisclosure/2014/Dec/23
https://secunia.com/advisories/60425
https://www.debian.org/security/2014/dsa-2985
https://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
https://www.securityfocus.com/archive/1/534161/100/0/threaded
https://www.securityfocus.com/bid/68573
https://www.securitytracker.com/id/1030578
https://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/94621

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.