Detections
Analytics
MySQL 5.5.x < 5.5.45 / 5.6.x < 5.6.26 Multiple Vulnerabilities
critical Nessus Plugin ID 85223
Language:
Synopsis
The remote database server is affected by multiple vulnerabilities.Description
The version of MySQL running on the remote host is 5.5.x prior to 5.5.45 or 5.6.x prior to 5.6.26. It is, therefore, potentially affected by the following vulnerabilities :- A buffer overflow condition exists in mysqlslap due to improper validation of user-supplied input when parsing options. An attacker can exploit this to cause a denial of service or possibly execute arbitrary code.
- A flaw exists when handling CHAR(0) NOT NULL column operations. An attacker can exploit this to cause the server to exit, resulting in a denial of service.
- A use-after-free error exists whenever the Enterprise Firewall and Binary Logging components are both enabled.
An attacker can exploit this to execute arbitrary code.
- An off-by-one overflow exists due to improper validation of user-supplied input by the functions related to string copying. An attacker can exploit this to cause a denial of service or possibly execute arbitrary code.
Solution
Upgrade to MySQL version 5.5.45 / 5.6.26 or later.See Also
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html
Plugin Details
Severity: Critical
ID: 85223
File Name: mysql_5_6_26.nasl
Version: 1.7
Type: remote
Family: Databases
Published: 8/4/2015
Updated: 1/2/2019
Configuration: Enable paranoid mode
Supported Sensors: Frictionless Assessment Agent, Nessus
Vulnerability Information
CPE: cpe:/a:oracle:mysql
Required KB Items: Settings/ParanoidReport
Patch Publication Date: 7/24/2015
Vulnerability Publication Date: 7/24/2015