#VU33838 Input validation error in MySQL Server - CVE-2014-4260
Vulnerability identifier: #VU33838
Vulnerability risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
MySQL Server
Server applications /
Database software
Vendor: Oracle
Description
The vulnerability allows a remote #AU# to manipulate or delete data.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
Mitigation
Install update from vendor's website.
Vulnerable software versions
MySQL Server: 5.5.0 - 5.5.36, 5.6.0 - 5.6.16
External links
https://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html
https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
https://seclists.org/fulldisclosure/2014/Dec/23
https://secunia.com/advisories/60425
https://www.debian.org/security/2014/dsa-2985
https://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
https://www.securityfocus.com/archive/1/534161/100/0/threaded
https://www.securityfocus.com/bid/68573
https://www.securitytracker.com/id/1030578
https://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/94621
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
