Vulnerabilities > CVE-2014-0386

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
oracle
mariadb
canonical
debian
redhat
nessus

Summary

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Configurations

Part Description Count
Application
Oracle
144
Application
Mariadb
19
OS
Canonical
4
OS
Debian
2
OS
Redhat
9

Nessus

  • NASL familyDatabases
    NASL idMYSQL_5_1_72.NASL
    descriptionThe version of MySQL installed on the remote host is 5.1.x prior to 5.1.72. It is, therefore, reportedly affected by vulnerabilities in the following components : - InnoDB - Locking - Optimizer
    last seen2020-06-01
    modified2020-06-02
    plugin id71971
    published2014-01-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71971
    titleMySQL 5.1.x < 5.1.72 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2845.NASL
    descriptionThis DSA updates the MySQL 5.1 database to 5.1.73. This fixes multiple unspecified security problems in MySQL: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h tml
    last seen2020-03-17
    modified2014-01-20
    plugin id72010
    published2014-01-20
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72010
    titleDebian DSA-2845-1 : mysql-5.1 - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-140527.NASL
    descriptionMySQL was updated to version 5.5.37 to address various security issues. More information is available at http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h tml#AppendixMSQL and http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.h tml#AppendixMSQL .
    last seen2020-06-05
    modified2014-06-07
    plugin id74373
    published2014-06-07
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74373
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 9303)
  • NASL familyDatabases
    NASL idMYSQL_5_5_34.NASL
    descriptionThe version of MySQL installed on the remote host is 5.5.x prior to 5.5.34. It is, therefore, potentially affected by vulnerabilities in the following components : - InnoDB - Locking - Partition - Optimizer
    last seen2020-04-30
    modified2014-01-15
    plugin id71973
    published2014-01-15
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71973
    titleMySQL 5.5 < 5.5.34 Multiple Vulnerabilities
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0035.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix date in the test - Fix (CVE-2016-6662, CVE-2016-6663) Resolves: #1397309 - Fixed reload_acl_and_cache Resolves: #1281370 - Add support for TLSv1.1 and TLSv1.2 - Fixed test events_1 (end date in past) Resolves: #1287048
    last seen2020-06-01
    modified2020-06-02
    plugin id96790
    published2017-01-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96790
    titleOracleVM 3.3 / 3.4 : mysql (OVMSA-2017-0035)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0164.NASL
    descriptionUpdated mysql packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat Security Response Team. This update also fixes the following bug : * Prior to this update, MySQL did not check whether a MySQL socket was actually being used by any process before starting the mysqld service. If a particular mysqld service did not exit cleanly while a socket was being used by a process, this socket was considered to be still in use during the next start-up of this service, which resulted in a failure to start the service up. With this update, if a socket exists but is not used by any process, it is ignored during the mysqld service start-up. (BZ#1058719) These updated packages upgrade MySQL to version 5.1.73. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id72491
    published2014-02-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72491
    titleCentOS 6 : mysql (CESA-2014:0164)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0164.NASL
    descriptionFrom Red Hat Security Advisory 2014:0164 : Updated mysql packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat Security Response Team. This update also fixes the following bug : * Prior to this update, MySQL did not check whether a MySQL socket was actually being used by any process before starting the mysqld service. If a particular mysqld service did not exit cleanly while a socket was being used by a process, this socket was considered to be still in use during the next start-up of this service, which resulted in a failure to start the service up. With this update, if a socket exists but is not used by any process, it is ignored during the mysqld service start-up. (BZ#1058719) These updated packages upgrade MySQL to version 5.1.73. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id72471
    published2014-02-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72471
    titleOracle Linux 6 : mysql (ELSA-2014-0164)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140218_MYSQL55_MYSQL_ON_SL5_X.NASL
    descriptionA buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) Upstream does not issue any more security advisories for the MySQL 5.0 packages (mysql-5.0.* and related packages). The only trusted way to upgrade from MySQL 5.0 to MySQL 5.5 is by using MySQL 5.1 as an intermediate step. This is why the mysql51* Software Collection packages are provided. Note that the MySQL 5.1 packages are not supported and are provided only for the purposes of migrating to MySQL 5.5. You should not use the mysql51* packages on any of your production systems. Specific instructions for this migration are provided by the upstream Deployment Guide. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2014-02-19
    plugin id72569
    published2014-02-19
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72569
    titleScientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20140218)
  • NASL familyDatabases
    NASL idMARIADB_5_5_35.NASL
    descriptionThe version of MariaDB 5.5 running on the remote host is a version prior to 5.5.35. It is, therefore, potentially affected by the following vulnerabilities : - Errors exist related to the following subcomponents : Error Handling, FTS, GIS, InnoDB, Locking, Optimizer, Partition, Performance Schema, Privileges, Replication, and Thread Pooling. (CVE-2013-5860, CVE-2013-5881, CVE-2013-5891, CVE-2013-5894, CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0427, CVE-2014-0430, CVE-2014-0431, CVE-2014-0433, CVE-2014-0437) - An unspecified error exists related to stored procedures handling that could allow denial of service attacks. (CVE-2013-5882) - An error exists in the file
    last seen2020-06-01
    modified2020-06-02
    plugin id72374
    published2014-02-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72374
    titleMariaDB 5.5 < 5.5.35 Multiple Vulnerabilities
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL16389.NASL
    descriptionCVE-2013-5908 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. CVE-2014-0401 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors. CVE-2014-0437 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. CVE-2014-0393 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB. CVE-2014-0386 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. CVE-2014-0412 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2014-0402 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
    last seen2020-06-01
    modified2020-06-02
    plugin id82672
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82672
    titleF5 Networks BIG-IP : Multiple MySQL vulnerabilities (K16389)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0173.NASL
    descriptionThe remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0173.
    last seen2020-06-01
    modified2020-06-02
    plugin id72863
    published2014-03-07
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72863
    titleCentOS 6 : mysql55-mysql (CESA-2014:0173)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-028.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in mariadb : Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string (CVE-2014-0001). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB (CVE-2014-0412). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer (CVE-2014-0437). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling (CVE-2013-5908). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication (CVE-2014-0420). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB (CVE-2014-0393). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition (CVE-2013-5891). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer (CVE-2014-0386). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors (CVE-2014-0401). Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking (CVE-2014-0402). The updated packages have been upgraded to the 5.5.35 version which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id72495
    published2014-02-14
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72495
    titleMandriva Linux Security Advisory : mariadb (MDVSA-2014:028)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0186.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2013-5807, CVE-2013-5891, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437, CVE-2013-3839, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat Security Response Team. These updated packages upgrade MySQL to version 5.5.36. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id72568
    published2014-02-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72568
    titleRHEL 5 : mysql55-mysql (RHSA-2014:0186)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2848.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-03-17
    modified2014-01-24
    plugin id72109
    published2014-01-24
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72109
    titleDebian DSA-2848-1 : mysql-5.5 - several vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201409-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201409-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly gain escalated privileges. A remote attacker could send a specially crafted SQL query, possibly resulting in a Denial of Service condition. A remote attacker could entice a user to connect to specially crafted MySQL server, possibly resulting in execution of arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id77548
    published2014-09-05
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77548
    titleGLSA-201409-04 : MySQL: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0164.NASL
    descriptionUpdated mysql packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat Security Response Team. This update also fixes the following bug : * Prior to this update, MySQL did not check whether a MySQL socket was actually being used by any process before starting the mysqld service. If a particular mysqld service did not exit cleanly while a socket was being used by a process, this socket was considered to be still in use during the next start-up of this service, which resulted in a failure to start the service up. With this update, if a socket exists but is not used by any process, it is ignored during the mysqld service start-up. (BZ#1058719) These updated packages upgrade MySQL to version 5.1.73. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id72474
    published2014-02-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72474
    titleRHEL 6 : mysql (RHSA-2014:0164)
  • NASL familyDatabases
    NASL idMYSQL_5_6_14.NASL
    descriptionThe version of MySQL installed on the remote host is 5.6.x older than 5.6.14. As such, it is reportedly affected by vulnerabilities in the following components : - FTS - InnoDB - Locking - Optimizer - Partition - Performance Schema - Stored Procedure - Thread Pooling
    last seen2020-06-01
    modified2020-06-02
    plugin id71975
    published2014-01-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71975
    titleMySQL 5.6.x < 5.6.14 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0189.NASL
    descriptionThe remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0189.
    last seen2020-06-01
    modified2020-06-02
    plugin id72864
    published2014-03-07
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72864
    titleCentOS 6 : mariadb55-mariadb (CESA-2014:0189)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0186.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2013-5807, CVE-2013-5891, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437, CVE-2013-3839, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat Security Response Team. These updated packages upgrade MySQL to version 5.5.36. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id72592
    published2014-02-20
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72592
    titleCentOS 5 : mysql55-mysql (CESA-2014:0186)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2086-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-73.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.h tml. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-01-22
    plugin id72089
    published2014-01-22
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72089
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : mysql-5.5, mysql-dfsg-5.1 vulnerabilities (USN-2086-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-298.NASL
    descriptionThis update fixes several vulnerabilities in the MySQL database server. (CVE-2014-0386 , CVE-2014-0393 , CVE-2014-0401 , CVE-2014-0402 , CVE-2014-0412 , CVE-2014-0437 , CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001)
    last seen2020-06-01
    modified2020-06-02
    plugin id72946
    published2014-03-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72946
    titleAmazon Linux AMI : mysql51 (ALAS-2014-298)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140212_MYSQL_ON_SL6_X.NASL
    description(CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) This update also fixes the following bug : - Prior to this update, MySQL did not check whether a MySQL socket was actually being used by any process before starting the mysqld service. If a particular mysqld service did not exit cleanly while a socket was being used by a process, this socket was considered to be still in use during the next start-up of this service, which resulted in a failure to start the service up. With this update, if a socket exists but is not used by any process, it is ignored during the mysqld service start-up. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2014-02-13
    plugin id72477
    published2014-02-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72477
    titleScientific Linux Security Update : mysql on SL6.x i386/x86_64 (20140212)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0186.NASL
    descriptionFrom Red Hat Security Advisory 2014:0186 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2013-5807, CVE-2013-5891, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437, CVE-2013-3839, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat Security Response Team. These updated packages upgrade MySQL to version 5.5.36. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id72566
    published2014-02-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72566
    titleOracle Linux 5 : mysql55-mysql (ELSA-2014-0186)

Redhat

advisories
  • rhsa
    idRHSA-2014:0164
  • rhsa
    idRHSA-2014:0173
  • rhsa
    idRHSA-2014:0186
  • rhsa
    idRHSA-2014:0189
rpms
  • mysql-0:5.1.73-3.el6_5
  • mysql-bench-0:5.1.73-3.el6_5
  • mysql-debuginfo-0:5.1.73-3.el6_5
  • mysql-devel-0:5.1.73-3.el6_5
  • mysql-embedded-0:5.1.73-3.el6_5
  • mysql-embedded-devel-0:5.1.73-3.el6_5
  • mysql-libs-0:5.1.73-3.el6_5
  • mysql-server-0:5.1.73-3.el6_5
  • mysql-test-0:5.1.73-3.el6_5
  • mysql55-mysql-0:5.5.36-1.1.el6
  • mysql55-mysql-bench-0:5.5.36-1.1.el6
  • mysql55-mysql-debuginfo-0:5.5.36-1.1.el6
  • mysql55-mysql-devel-0:5.5.36-1.1.el6
  • mysql55-mysql-libs-0:5.5.36-1.1.el6
  • mysql55-mysql-server-0:5.5.36-1.1.el6
  • mysql55-mysql-test-0:5.5.36-1.1.el6
  • mysql55-mysql-0:5.5.36-2.el5
  • mysql55-mysql-bench-0:5.5.36-2.el5
  • mysql55-mysql-debuginfo-0:5.5.36-2.el5
  • mysql55-mysql-devel-0:5.5.36-2.el5
  • mysql55-mysql-libs-0:5.5.36-2.el5
  • mysql55-mysql-server-0:5.5.36-2.el5
  • mysql55-mysql-test-0:5.5.36-2.el5
  • mariadb55-mariadb-0:5.5.35-1.1.el6
  • mariadb55-mariadb-bench-0:5.5.35-1.1.el6
  • mariadb55-mariadb-debuginfo-0:5.5.35-1.1.el6
  • mariadb55-mariadb-devel-0:5.5.35-1.1.el6
  • mariadb55-mariadb-libs-0:5.5.35-1.1.el6
  • mariadb55-mariadb-server-0:5.5.35-1.1.el6
  • mariadb55-mariadb-test-0:5.5.35-1.1.el6