| VID |
25174 |
| Severity |
30 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The version of MySQL 5.7 installed on the remote host is earlier than 5.7.10 and is, therefore, affected by the following vulnerabilities :
- A denial of service vulnerability exists due to repeatedly executing a prepared statement when the default database has been changed. An authenticated, remote attacker can exploit this to cause the server to exit. (OSVDB 131599)
- A denial of service vulnerability exists due to a use-after-free error that is triggered when generated column expressions are reevaluated. An authenticated, remote attacker can exploit this to deference already freed memory, thus causing the server to exit. (OSVDB 131600)
- A denial of service vulnerability exists due to a flaw that is triggered when selecting DECIMAL values into user-defined variables. An authenticated, remote attacker can exploit this to cause the server to exit. (OSVDB 131601)
- A denial of service vulnerability exists due to a use-after-free error in spatial functions. An authenticated, remote attacker can exploit this to deference already freed memory, thus causing the server to exit. (OSVDB 131602)
- A flaw exists in InnoDB due to a failure to check for destination files with the same name when using the ALTER TABLE operation to convert a table to an InnoDB file-per-table tablespace. An authenticated, remote attacker can exploit this to cause a denial of service. (OSVDB 131603)
- A NULL pointer dereference flaw exists in InnoDB due to a failure to properly check the return value of an unspecified function call used in a DROP TABLE operation. An authenticated, remote attacker can exploit this to cause a denial of service. (OSVDB 131604)
* Note: This check solely relied on the banner of the remote MySQL server to assess this vulnerability, so this might be a false positive.
* References:
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-10.html
* Platforms Affected:
MySQL versions 5.7 prior to 5.7.10
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of MySQL (5.7.10 or later), available from the MySQL Download Web site at http://www.mysql.com/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
