Summary
This host is running Oracle MySQL and is
prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers
to disclose potentially sensitive information, gain escalated privileges, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
Impact Level: Application
Solution
Apply the patch from below link,
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Insight
Unspecified errors in the MySQL Server
component via unknown vectors related to CLIENT:MYSQLADMIN, CLIENT:MYSQLDUMP, SERVER:MEMORY STORAGE ENGINE, SERVER:SSL:yaSSL, SERVER:DML, SERVER:SSL:yaSSL, SERVER:REPLICATION ROW FORMAT BINARY LOG DML, SERVER:CHARACTER SETS, and SERVER:MyISAM.
Affected
MySQL Server version 5.5.38 and earlier
and 5.6.19 and earlier on Windows.
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6478, CVE-2014-6484, CVE-2014-6495, CVE-2014-6505, CVE-2014-6530, CVE-2014-6551 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
- PostgreSQL Multiple Security Vulnerabilities
- Oracle MySQL Multiple Unspecified vulnerabilities-03 Oct14 (Windows)
- IBM DB2 DML Statement Execution Remote Privilege Escalation Vulnerability (Linux)
- MySQL mysqlhotcopy script insecure temporary file