Oracle MySQL Server Multiple Vulnerabilities

Last Update Date: 4 Dec 2012 11:15 | Release Date: 4 Dec 2012

RISK: Medium Risk

TYPE: Servers - Database Servers

TYPE: Database Servers

Multiple vulnerabilities have been identified in MySQL. Malicious users can exploit them to cause a DoS (Denial of Service) and compromise a vulnerable system, and malicious people can exploit them to conduct brute-force attacks.

  1. An error when processing a database name within certain functions when checking access rights can be exploited to cause a stack-based buffer overflow.
  2. An error when deleting a table can be exploited to cause a heap-based buffer overflow.
  3. An error when handling the COM_BINLOG_DUMP command can be exploited to crash the daemon.
  4. An error when handling authentication errors can be exploited to enumerate valid user accounts.

Successful exploitation of vulnerabilities #1 and #2 may allow execution of arbitrary code.

Note: No patch is currently available.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • MySQL 5.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • No patch is currently available

Vulnerability Identifier


Source


Related Link