ID CVE-2015-4769
Summary Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.10
    cpe:2.3:o:canonical:ubuntu_linux:14.10
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Oracle MySQL 5.6.24
    cpe:2.3:a:oracle:mysql:5.6.24
CVSS
Base: 3.5 (as of 26-08-2015 - 10:31)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication SINGLE_INSTANCE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
nessus via4
  • NASL family Databases
    NASL id MYSQL_5_6_25.NASL
    description The version of MySQL running on the remote host is version 5.5.x prior to 5.5.44 or version 5.6.x prior to 5.6.25. It is, therefore, potentially affected by the following vulnerabilities : - Multiple denial of service vulnerabilities exist in the following Server subcomponents which can be exploited by a remote, authenticated attacker : - Partition (CVE-2015-2617) - DML (CVE-2015-2648, CVE-2015-2611) - GIS (CVE-2015-2582) - I_S (CVE-2015-4752) - InnoDB (CVE-2015-4756) - Optimizer (CVE-2015-2643, CVE-2015-4757) - Partition (CVE-2015-4772) - Memcached (CVE-2015-4761) - RBR (CVE-2015-4771) - Security:Firewall (CVE-2015-4769, CVE-2015-4767) - Security:Privileges (CVE-2015-2641) - Multiple Information disclosure vulnerabilities exist in the following Server subcomponents which can be exploited by a remote, authenticated attacker to gain access to sensitive information : - Pluggable Auth (CVE-2015-4737) - Security:Privileges (CVE-2015-2620) - An unspecified vulnerability exists related to the Security:Firewall subcomponent of the Server that can be exploited by a remote, authenticated attacker to have an impact on the integrity of the system. (CVE-2015-2639) - A denial of service vulnerability exists in the Client subcomponent which can be exploited by a local attacker. No other details have been given. (CVE-2015-2661)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 84767
    published 2015-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84767
    title MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-608.NASL
    description The MySQL Community Server edition was updated to 5.6.26, fixing security issues and bugs. All changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html - Fixed CVEs: CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582 CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-4772 CVE-2015-4761, CVE-2015-4757, CVE-2015-4737, CVE-2015-4771 CVE-2015-4769, CVE-2015-2639, CVE-2015-2620, CVE-2015-2641 CVE-2015-2661, CVE-2015-4767 - disable Performance Schema by default. Since MySQL 5.6.6 upstream enabled Performance Schema by default which results in increased memory usage. The added option disable Performance Schema again in order to decrease MySQL memory usage [bnc#852477]. - install INFO_BIN and INFO_SRC, noticed in MDEV-6912 - remove superfluous '--group' parameter from mysql-systemd-helper - make -devel package installable in the presence of LibreSSL - cleanup after the update-message if it was displayed - add 'exec' to mysql-systemd-helper to shutdown mysql/mariadb cleanly [bnc#943096]
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 86182
    published 2015-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86182
    title openSUSE Security Update : mysql-community-server (openSUSE-2015-608)
  • NASL family Databases
    NASL id MYSQL_5_6_25_RPM.NASL
    description The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.25. It is, therefore, affected by the following vulnerabilities : - Multiple denial of service vulnerabilities exist in the following subcomponents which can be exploited by a remote, authenticated attacker : - Partition (CVE-2015-2617) - DML (CVE-2015-2648, CVE-2015-2611) - GIS (CVE-2015-2582) - I_S (CVE-2015-4752) - Optimizer (CVE-2015-2643) - Partition (CVE-2015-4772) - Memcached (CVE-2015-4761) - RBR (CVE-2015-4771) - Security:Firewall (CVE-2015-4769, CVE-2015-4767) - Security:Privileges (CVE-2015-2641) - An unspecified vulnerability exists related to the Security:Firewall subcomponent that can be exploited by an authenticated, remote attacker to have an impact on the integrity of the system. (CVE-2015-2639) - A denial of service vulnerability exists in the Client subcomponent which can be exploited by a local attacker. (CVE-2015-2661) - An unspecified flaw exists in the Security:Privileges subcomponent. An authenticated, remote attacker can exploit this to impact integrity. (CVE-2015-4864)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 85539
    published 2015-08-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85539
    title Oracle MySQL 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1788-1.NASL
    description MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on : - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the 'BACKRONYM' security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed : - fix rc.mysql-multi script to start instances after restart properly [bnc#934401]. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86537
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86537
    title SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:1788-1) (BACKRONYM)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201610-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201610-06 (MySQL and MariaDB: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL and MariaDB. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit vulnerabilities, through multiple vectors, that affect the confidentiality, integrity, and availability of MySQL and MariaDB. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-10-12
    plugin id 93993
    published 2016-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93993
    title GLSA-201610-06 : MySQL and MariaDB: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2674-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-25.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84915
    published 2015-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84915
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2674-1)
redhat via4
advisories
  • rhsa
    id RHSA-2015:1630
  • rhsa
    id RHSA-2015:1646
refmap via4
bid 75753
confirm http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
gentoo GLSA-201610-06
sectrack 1032911
suse openSUSE-SU-2015:1629
ubuntu USN-2674-1
Last major update 21-12-2016 - 21:59
Published 16-07-2015 - 07:01
Last modified 04-01-2018 - 21:30