Korean
<< Back
VID 25215
Severity 40
Port 3306
Protocol TCP
Class DB
Detailed Description The version of MySQL running on the remote host is 5.6.x prior to 5.6.35. It is, therefore, affected by multiple vulnerabilities :

- A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the 'rm' and 'chown' commands. A local attacker can exploit this to gain elevated privileges.

- An unspecified flaw exists in the mysqld_safe component that allows an authenticated, remote attacker to have an unspecified impact.

- An overflow condition exists in the Optimizer component due to improper validation of user-supplied input when handling nested expressions. An authenticated, remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition.

- An unspecified flaw exists when handling a CREATE TABLE query with a DATA DIRECTORY clause. An authenticated, remote attacker can exploit this to gain elevated privileges.

* Note: This check solely relied on the banner of the remote MySQL server to assess this vulnerability, so this might be a false positive.

* References:
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html

* Platforms Affected:
MySQL 5.6.x prior to 5.6.35
Any operating system Any version
Recommendation Upgrade to the latest version of MySQL (5.6.35 or later), available from the MySQL Web site at http://www.mysql.com/
Related URL (CVE)
Related URL (SecurityFocus)
Related URL (ISS)