Vulnerabilities > CVE-2015-0405

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.

Vulnerable Configurations

Part Description Count
Application
Oracle
499
Application
Novell
1
OS
Novell
3

Nessus

  • NASL familyDatabases
    NASL idMYSQL_5_6_23.NASL
    descriptionThe version of MySQL running on the remote host is version 5.5.x prior to 5.5.42 or version 5.6.x prior to 5.6.23. It is, therefore, potentially affected by multiple denial of service vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn
    last seen2020-06-01
    modified2020-06-02
    plugin id82799
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82799
    titleMySQL 5.5.x < 5.5.42 / 5.6.x < 5.6.23 Multiple DoS Vulnerabilities (April 2015 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82799);
      script_version("1.8");
      script_cvs_date("Date: 2018/11/15 20:50:21");
    
      script_cve_id(
        "CVE-2014-3569",
        "CVE-2015-0405",
        "CVE-2015-0423",
        "CVE-2015-0433",
        "CVE-2015-0438",
        "CVE-2015-0439",
        "CVE-2015-0441",
        "CVE-2015-2566",
        "CVE-2015-2568",
        "CVE-2015-2573"
      );
      script_bugtraq_id(
        71934,
        74073,
        74078,
        74085,
        74089,
        74091,
        74098,
        74103,
        74110,
        74126
      );
    
      script_name(english:"MySQL 5.5.x < 5.5.42 / 5.6.x < 5.6.23 Multiple DoS Vulnerabilities (April 2015 CPU)");
      script_summary(english:"Checks the version of MySQL server.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple denial of service
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL running on the remote host is version 5.5.x
    prior to 5.5.42 or version 5.6.x prior to 5.6.23. It is, therefore,
    potentially affected by multiple denial of service vulnerabilities :
    
      - A NULL pointer dereference flaw exists when the SSLv3
        option isn't enabled and an SSLv3 ClientHello is
        received. This allows a remote attacker, using an
        unexpected handshake, to crash the daemon, resulting in
        a denial of service. (CVE-2014-3569)
    
      - Additionally, there are unspecified flaws in the
        following MySQL subcomponents that allow a denial of
        service by an authenticated, remote attacker :
    
        - XA (CVE-2015-0405)
        - Optimizer (CVE-2015-0423)
        - InnoDB : DML (CVE-2015-0433)
        - Partition (CVE-2015-0438)
        - InnoDB (CVE-2015-0439)
        - Security : Encryption (CVE-2015-0441)
        - DML (CVE-2015-2566)
        - Security : Privileges (CVE-2015-2568)
        - DDL (CVE-2015-2573)");
      # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?915d056a");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MySQL version 5.5.42 / 5.6.23 or later as referenced in the
    Oracle April 2015 Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/15");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    mysql_check_version(fixed:make_list('5.5.42', '5.6.23'), severity:SECURITY_WARNING);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201507-19.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201507-19 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id86088
    published2015-09-23
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86088
    titleGLSA-201507-19 : MySQL: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0946-1.NASL
    descriptionMySQL was updated to version 5.5.43 to fix several security and non security issues : CVEs fixed: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433, CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0498, CVE-2015-0499, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503, CVE-2015-0505, CVE-2015-0506, CVE-2015-0507, CVE-2015-0508, CVE-2015-0511, CVE-2015-2566, CVE-2015-2567, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2576. Fix integer overflow in regcomp (Henry Spencer
    last seen2020-06-01
    modified2020-06-02
    plugin id83860
    published2015-05-27
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83860
    titleSUSE SLED11 / SLES11 Security Update : MySQL (SUSE-SU-2015:0946-1) (FREAK)