Vulnerabilities > CVE-2014-4243

047910
CVSS 2.8 - LOW
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
MULTIPLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
oracle
mariadb
suse
nessus

Summary

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.

Vulnerable Configurations

Part Description Count
OS
Oracle
1
OS
Suse
4
Application
Oracle
54
Application
Mariadb
23

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1861.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79300
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79300
    titleCentOS 7 : mariadb (CESA-2014:1861)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1861.NASL
    descriptionFrom Red Hat Security Advisory 2014:1861 : Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79370
    published2014-11-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79370
    titleOracle Linux 7 : mariadb (ELSA-2014-1861)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1859.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79299
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79299
    titleCentOS 5 : mysql55-mysql (CESA-2014:1859)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-091.NASL
    descriptionThis update provides MariaDB 5.5.42, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. Additionally the jemalloc packages is being provided as it was previousely provided with the mariadb source code, built and used but removed from the mariadb source code since 5.5.40.
    last seen2020-06-01
    modified2020-06-02
    plugin id82344
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82344
    titleMandriva Linux Security Advisory : mariadb (MDVSA-2015:091)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1859.NASL
    descriptionUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79302
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79302
    titleRHEL 5 : mysql55-mysql (RHSA-2014:1859)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1861.NASL
    descriptionUpdated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79303
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79303
    titleRHEL 7 : mariadb (RHSA-2014:1861)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20141117_MARIADB_ON_SL7_X.NASL
    descriptionThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2014-11-18
    plugin id79304
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79304
    titleScientific Linux Security Update : mariadb on SL7.x x86_64 (20141117)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20141117_MYSQL55_MYSQL_ON_SL5_X.NASL
    descriptionThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-03-18
    modified2014-11-18
    plugin id79305
    published2014-11-18
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79305
    titleScientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20141117)
  • NASL familyDatabases
    NASL idMYSQL_5_6_16.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.6.x prior to 5.6.16. It is, therefore, affected by vulnerabilities in the following components : - DML - ENFED - Federated - MyISAM - Optimizer - Partition - Privileges - Replication - XML
    last seen2020-06-01
    modified2020-06-02
    plugin id73573
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73573
    titleMySQL 5.6.x < 5.6.16 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMARIADB_10_0_9.NASL
    descriptionThe version of MariaDB 10 running on the remote host is a version prior to 10.0.9. It is, therefore, potentially affected by denial of service vulnerabilities that can be exploited by authenticated, remote attackers. These vulnerabilities are due to errors in several components, including the following: - Partition (CVE-2014-2419) - Replication (CVE-2014-2438) - XML (CVE-2014-0384) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id72713
    published2019-09-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72713
    titleMariaDB 10 < 10.0.9 Multiple DoS Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-140819.NASL
    descriptionThis MySQL update provides the following : - upgrade to version 5.5.39, [bnc#887580] - CVE
    last seen2020-06-05
    modified2014-08-29
    plugin id77434
    published2014-08-29
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77434
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBMYSQL55CLIENT18-140820.NASL
    descriptionThis MySQL update provides the following : - upgrade to version 5.5.39, [bnc#887580] - CVE
    last seen2020-06-05
    modified2014-08-29
    plugin id77435
    published2014-08-29
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77435
    titleSuSE 11.3 Security Update : MySQL (SAT Patch Number 9624)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1859.NASL
    descriptionFrom Red Hat Security Advisory 2014:1859 : Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL Release Notes listed in the References section for a complete list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id79369
    published2014-11-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79369
    titleOracle Linux 5 : mysql55-mysql (ELSA-2014-1859)
  • NASL familyDatabases
    NASL idMYSQL_5_5_36.NASL
    descriptionThe version of MySQL installed on the remote host is version 5.5.x prior to 5.5.36. It is, therefore, affected by vulnerabilities in the following components : - ENFED - Federated - Partition - Replication - XML
    last seen2020-06-01
    modified2020-06-02
    plugin id73572
    published2014-04-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73572
    titleMySQL 5.5.x < 5.5.36 Multiple Vulnerabilities

Redhat

rpms
  • mysql55-mysql-0:5.5.40-2.el5
  • mysql55-mysql-bench-0:5.5.40-2.el5
  • mysql55-mysql-debuginfo-0:5.5.40-2.el5
  • mysql55-mysql-devel-0:5.5.40-2.el5
  • mysql55-mysql-libs-0:5.5.40-2.el5
  • mysql55-mysql-server-0:5.5.40-2.el5
  • mysql55-mysql-test-0:5.5.40-2.el5
  • mysql55-mysql-0:5.5.40-1.el6
  • mysql55-mysql-0:5.5.40-1.el7
  • mysql55-mysql-bench-0:5.5.40-1.el6
  • mysql55-mysql-bench-0:5.5.40-1.el7
  • mysql55-mysql-debuginfo-0:5.5.40-1.el6
  • mysql55-mysql-debuginfo-0:5.5.40-1.el7
  • mysql55-mysql-devel-0:5.5.40-1.el6
  • mysql55-mysql-devel-0:5.5.40-1.el7
  • mysql55-mysql-libs-0:5.5.40-1.el6
  • mysql55-mysql-libs-0:5.5.40-1.el7
  • mysql55-mysql-server-0:5.5.40-1.el6
  • mysql55-mysql-server-0:5.5.40-1.el7
  • mysql55-mysql-test-0:5.5.40-1.el6
  • mysql55-mysql-test-0:5.5.40-1.el7
  • mariadb-1:5.5.40-1.el7_0
  • mariadb-bench-1:5.5.40-1.el7_0
  • mariadb-debuginfo-1:5.5.40-1.el7_0
  • mariadb-devel-1:5.5.40-1.el7_0
  • mariadb-embedded-1:5.5.40-1.el7_0
  • mariadb-embedded-devel-1:5.5.40-1.el7_0
  • mariadb-libs-1:5.5.40-1.el7_0
  • mariadb-server-1:5.5.40-1.el7_0
  • mariadb-test-1:5.5.40-1.el7_0
  • mariadb55-mariadb-0:5.5.40-10.el6
  • mariadb55-mariadb-0:5.5.40-10.el7
  • mariadb55-mariadb-bench-0:5.5.40-10.el6
  • mariadb55-mariadb-bench-0:5.5.40-10.el7
  • mariadb55-mariadb-debuginfo-0:5.5.40-10.el6
  • mariadb55-mariadb-debuginfo-0:5.5.40-10.el7
  • mariadb55-mariadb-devel-0:5.5.40-10.el6
  • mariadb55-mariadb-devel-0:5.5.40-10.el7
  • mariadb55-mariadb-libs-0:5.5.40-10.el6
  • mariadb55-mariadb-libs-0:5.5.40-10.el7
  • mariadb55-mariadb-server-0:5.5.40-10.el6
  • mariadb55-mariadb-server-0:5.5.40-10.el7
  • mariadb55-mariadb-test-0:5.5.40-10.el6
  • mariadb55-mariadb-test-0:5.5.40-10.el7