#VU33837 Input validation error in MySQL Server - CVE-2014-4258
Vulnerability identifier: #VU33837
Vulnerability risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
MySQL Server
Server applications /
Database software
Vendor: Oracle
Description
The vulnerability allows a remote #AU# to read and manipulate data.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
Mitigation
Install update from vendor's website.
Vulnerable software versions
MySQL Server: 5.5.0 - 5.5.36, 5.6.0 - 5.6.16
External links
https://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html
https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
https://seclists.org/fulldisclosure/2014/Dec/23
https://secunia.com/advisories/60425
https://www.debian.org/security/2014/dsa-2985
https://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
https://www.securityfocus.com/archive/1/534161/100/0/threaded
https://www.securityfocus.com/bid/68564
https://www.securitytracker.com/id/1030578
https://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/94620
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
