Oracle MySQL 5.7.x < 5.7.10 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9241

Synopsis

The remote database server is vulnerable to multiple attack vectors.

Description

The version of MySQL installed on the remote host is version 5.7.x prior to 5.7.10 and is affected by multiple issues :

- A flaw exists that is triggered when repeatedly executing a prepared statement when the default database has been changed. This may allow an authenticated attacker to cause a server exit.
- A use-after-free error exists that is triggered when reevaluating generated column expressions. This may allow an authenticated attacker to dereference already freed memory and cause a server exit.
- A flaw exists that is triggered when selecting DECIMAL values into user-defined variables. This may allow an authenticated attacker to cause a server exit.
- An unspecified use-after-free error exists in spatial functions. This may allow an authenticated attacker to dereference already freed memory and cause a denial of service.
- A flaw exists in InnoDB that is triggered when converting a table to an InnoDB file-per-table tablespace with an ALTER TABLE operation. This may fail to check for destination files with the same name, resulting in a file overwrite. This may allow an authenticated attacker to cause a denial of service.
- A NULL pointer dereference flaw exists in InnoDB that is triggered when the return value of an unspecified function call used in a DROP TABLE operation is not properly checked. This may allow an authenticated attacker to cause a denial of service.
- A flaw exists in the 'row_quiesce_table_start()' function in InnoDB that is triggered when running a 'FLUSH TABLE ... FOR EXPORT' operation on a partitioned table with partitions residing in a system or general tablespace. This may allow an authenticated attacker to cause a denial of service.
- A flaw exists in InnoDB that is triggered when handling 'ALTER TABLE ... DISCARD TABLESPACE' operations. This may allow an authenticated attacker to cause a denial of service.
- A flaw exists in InnoDB that is triggered when handling TRUNCATE TABLE operations on tables with full-text indexes. This may allow an authenticated attacker to cause a denial of service.
- A flaw exists in InnoDB that is triggered when handling 'SELECT ... FOR UPDATE' operations on tables that only contain virtual columns and virtual column indexes. This may allow an authenticated attacker to cause a denial of service.
- A flaw exists in InnoDB that is triggered when handling in-place operations that rebuild tables with multiple indexed virtual columns. This may allow an authenticated attacker to cause a denial of service.
- A flaw exists that is triggered when updating views using ALL comparison operators on subqueries that select from indexed columns in the main table. This may allow an authenticated attacker to cause the server to exit.
- A flaw exists in InnoDB that is triggered when handling online ALTER TABLE operations. This may allow an authenticated attacker to cause the server to exit.
- An overflow condition exists in 'strcpy()' and 'sprintf()'. The issue is triggered as user-supplied input is not properly validated. This may allow an authenticated attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
- A flaw exists that is triggered when selecting DECIMAL values into user-defined variables. This may allow an authenticated attacker to cause the server to exit.
- A flaw exists that is triggered when handling concurrent FLUSH PRIVILEGES and REVOKE or GRANT statements. This may allow an authenticated attacker to cause the server to exit by triggering an invalid memory access to proxy user information.
- A flaw exists that is triggered on the second execution of a prepared statement where an ORDER BY clause references a column position. This may allow an authenticated attacker to cause the server to exit.

Solution

Upgrade to MySQL 5.7.10 or later.

See Also

http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-10.html

Plugin Details

Severity: High

ID: 9241

Family: Database

Published: 4/15/2016

Updated: 3/6/2019

Vulnerability Information

CPE: cpe:/a:oracle:mysql

Patch Publication Date: 1/21/2015

Vulnerability Publication Date: 1/21/2015