#VU42160 Input validation error in mysql - CVE-2014-0401
Vulnerability identifier: #VU42160
Vulnerability risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
mysql
Vendor: Google
Description
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
Mitigation
Install update from vendor's website.
Vulnerable software versions
mysql: 5.1 - 5.6.13
External links
https://osvdb.org/102071
https://rhn.redhat.com/errata/RHSA-2014-0164.html
https://rhn.redhat.com/errata/RHSA-2014-0173.html
https://rhn.redhat.com/errata/RHSA-2014-0186.html
https://rhn.redhat.com/errata/RHSA-2014-0189.html
https://secunia.com/advisories/56491
https://secunia.com/advisories/56541
https://secunia.com/advisories/56580
https://security.gentoo.org/glsa/glsa-201409-04.xml
https://ubuntu.com/usn/usn-2086-1
https://www.debian.org/security/2014/dsa-2845
https://www.debian.org/security/2014/dsa-2848
https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://www.securityfocus.com/bid/64758
https://www.securityfocus.com/bid/64898
https://exchange.xforce.ibmcloud.com/vulnerabilities/90382
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
