ID CVE-2014-0431
Summary Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.
References
Vulnerable Configurations
  • Oracle MySQL 5.6.0
    cpe:2.3:a:oracle:mysql:5.6.0
  • Oracle MySQL 5.6.1
    cpe:2.3:a:oracle:mysql:5.6.1
  • Oracle MySQL 5.6.10
    cpe:2.3:a:oracle:mysql:5.6.10
  • Oracle MySQL 5.6.11
    cpe:2.3:a:oracle:mysql:5.6.11
  • Oracle MySQL 5.6.12
    cpe:2.3:a:oracle:mysql:5.6.12
  • Oracle MySQL 5.6.13
    cpe:2.3:a:oracle:mysql:5.6.13
  • Oracle MySQL 5.6.14
    cpe:2.3:a:oracle:mysql:5.6.14
  • Oracle MySQL 5.6.2
    cpe:2.3:a:oracle:mysql:5.6.2
  • Oracle MySQL 5.6.3
    cpe:2.3:a:oracle:mysql:5.6.3
  • Oracle MySQL 5.6.4
    cpe:2.3:a:oracle:mysql:5.6.4
  • Oracle MySQL 5.6.5
    cpe:2.3:a:oracle:mysql:5.6.5
  • Oracle MySQL 5.6.6
    cpe:2.3:a:oracle:mysql:5.6.6
  • Oracle MySQL 5.6.7
    cpe:2.3:a:oracle:mysql:5.6.7
  • Oracle MySQL 5.6.8
    cpe:2.3:a:oracle:mysql:5.6.8
  • Oracle MySQL 5.6.9
    cpe:2.3:a:oracle:mysql:5.6.9
CVSS
Base: 3.5 (as of 16-01-2014 - 10:26)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201409-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201409-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77548
    published 2014-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77548
    title GLSA-201409-04 : MySQL: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBMYSQL55CLIENT18-140527.NASL
    description MySQL was updated to version 5.5.37 to address various security issues. More information is available at http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h tml#AppendixMSQL and http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.h tml#AppendixMSQL .
    last seen 2019-02-21
    modified 2014-06-07
    plugin id 74373
    published 2014-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74373
    title SuSE 11.3 Security Update : MySQL (SAT Patch Number 9303)
  • NASL family Databases
    NASL id MYSQL_5_6_15.NASL
    description The version of MySQL installed on the remote host is 5.6.x older than 5.6.15. As such, it is reportedly affected by vulnerabilities in the following components : - Error Handling - GIS - InnoDB - Privileges - Optimizer - Replication
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 71976
    published 2014-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71976
    title MySQL 5.6.x < 5.6.15 Multiple Vulnerabilities
  • NASL family Databases
    NASL id MARIADB_5_5_35.NASL
    description The version of MariaDB 5.5 running on the remote host is a version prior to 5.5.35. It is, therefore, potentially affected by the following vulnerabilities : - Errors exist related to the following subcomponents : Error Handling, FTS, GIS, InnoDB, Locking, Optimizer, Partition, Performance Schema, Privileges, Replication, and Thread Pooling. (CVE-2013-5860, CVE-2013-5881, CVE-2013-5891, CVE-2013-5894, CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0427, CVE-2014-0430, CVE-2014-0431, CVE-2014-0433, CVE-2014-0437) - An unspecified error exists related to stored procedures handling that could allow denial of service attacks. (CVE-2013-5882) - An error exists in the file 'client/mysql.cc' that could allow a buffer overflow leading to denial of service or possibly arbitrary code execution. (CVE-2014-0001)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 72374
    published 2014-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72374
    title MariaDB 5.5 < 5.5.35 Multiple Vulnerabilities
refmap via4
bid
  • 64758
  • 64897
confirm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
gentoo GLSA-201409-04
osvdb 102073
secunia 56491
xf oracle-cpujan2014-cve20140431(90384)
Last major update 06-01-2017 - 21:59
Published 15-01-2014 - 11:08
Last modified 28-08-2017 - 21:34
Back to Top