ID

VAR-201410-0859


CVE

CVE-2014-6559


TITLE

Oracle MySQL Server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-201410-455

DESCRIPTION

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Oracle MySQL Server is prone to a remote security vulnerability. The vulnerability can be exploited over the 'MySQL Protocol' protocol. The 'C API SSL CERTIFICATE HANDLING' sub component is affected. This vulnerability affects the following supported versions: 5.5.39 and earlier, 5.6.20 and earlier. The database system has the characteristics of high performance, low cost and good reliability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mariadb security update Advisory ID: RHSA-2014:1861-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1861.html Issue date: 2014-11-17 CVE Names: CVE-2014-2494 CVE-2014-4207 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 ===================================================================== 1. Summary: Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014) 1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014) 1120385 - CVE-2014-4243 mysql: unspecified vulnerability related to ENFED (CPU July 2014) 1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014) 1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014) 1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20 1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014) 1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014) 1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014) 1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014) 1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014) 1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014) 1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014) 1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014) 1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: mariadb-5.5.40-1.el7_0.src.rpm x86_64: mariadb-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-libs-5.5.40-1.el7_0.i686.rpm mariadb-libs-5.5.40-1.el7_0.x86_64.rpm mariadb-server-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: mariadb-bench-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-devel-5.5.40-1.el7_0.i686.rpm mariadb-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-5.5.40-1.el7_0.i686.rpm mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-test-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: mariadb-5.5.40-1.el7_0.src.rpm x86_64: mariadb-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-libs-5.5.40-1.el7_0.i686.rpm mariadb-libs-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: mariadb-bench-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-devel-5.5.40-1.el7_0.i686.rpm mariadb-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-5.5.40-1.el7_0.i686.rpm mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-server-5.5.40-1.el7_0.x86_64.rpm mariadb-test-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: mariadb-5.5.40-1.el7_0.src.rpm ppc64: mariadb-5.5.40-1.el7_0.ppc64.rpm mariadb-bench-5.5.40-1.el7_0.ppc64.rpm mariadb-debuginfo-5.5.40-1.el7_0.ppc.rpm mariadb-debuginfo-5.5.40-1.el7_0.ppc64.rpm mariadb-devel-5.5.40-1.el7_0.ppc.rpm mariadb-devel-5.5.40-1.el7_0.ppc64.rpm mariadb-libs-5.5.40-1.el7_0.ppc.rpm mariadb-libs-5.5.40-1.el7_0.ppc64.rpm mariadb-server-5.5.40-1.el7_0.ppc64.rpm mariadb-test-5.5.40-1.el7_0.ppc64.rpm s390x: mariadb-5.5.40-1.el7_0.s390x.rpm mariadb-bench-5.5.40-1.el7_0.s390x.rpm mariadb-debuginfo-5.5.40-1.el7_0.s390.rpm mariadb-debuginfo-5.5.40-1.el7_0.s390x.rpm mariadb-devel-5.5.40-1.el7_0.s390.rpm mariadb-devel-5.5.40-1.el7_0.s390x.rpm mariadb-libs-5.5.40-1.el7_0.s390.rpm mariadb-libs-5.5.40-1.el7_0.s390x.rpm mariadb-server-5.5.40-1.el7_0.s390x.rpm mariadb-test-5.5.40-1.el7_0.s390x.rpm x86_64: mariadb-5.5.40-1.el7_0.x86_64.rpm mariadb-bench-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-devel-5.5.40-1.el7_0.i686.rpm mariadb-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-libs-5.5.40-1.el7_0.i686.rpm mariadb-libs-5.5.40-1.el7_0.x86_64.rpm mariadb-server-5.5.40-1.el7_0.x86_64.rpm mariadb-test-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: mariadb-debuginfo-5.5.40-1.el7_0.ppc.rpm mariadb-debuginfo-5.5.40-1.el7_0.ppc64.rpm mariadb-embedded-5.5.40-1.el7_0.ppc.rpm mariadb-embedded-5.5.40-1.el7_0.ppc64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.ppc.rpm mariadb-embedded-devel-5.5.40-1.el7_0.ppc64.rpm s390x: mariadb-debuginfo-5.5.40-1.el7_0.s390.rpm mariadb-debuginfo-5.5.40-1.el7_0.s390x.rpm mariadb-embedded-5.5.40-1.el7_0.s390.rpm mariadb-embedded-5.5.40-1.el7_0.s390x.rpm mariadb-embedded-devel-5.5.40-1.el7_0.s390.rpm mariadb-embedded-devel-5.5.40-1.el7_0.s390x.rpm x86_64: mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-5.5.40-1.el7_0.i686.rpm mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: mariadb-5.5.40-1.el7_0.src.rpm x86_64: mariadb-5.5.40-1.el7_0.x86_64.rpm mariadb-bench-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-devel-5.5.40-1.el7_0.i686.rpm mariadb-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-libs-5.5.40-1.el7_0.i686.rpm mariadb-libs-5.5.40-1.el7_0.x86_64.rpm mariadb-server-5.5.40-1.el7_0.x86_64.rpm mariadb-test-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-5.5.40-1.el7_0.i686.rpm mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-2494 https://access.redhat.com/security/cve/CVE-2014-4207 https://access.redhat.com/security/cve/CVE-2014-4243 https://access.redhat.com/security/cve/CVE-2014-4258 https://access.redhat.com/security/cve/CVE-2014-4260 https://access.redhat.com/security/cve/CVE-2014-4274 https://access.redhat.com/security/cve/CVE-2014-4287 https://access.redhat.com/security/cve/CVE-2014-6463 https://access.redhat.com/security/cve/CVE-2014-6464 https://access.redhat.com/security/cve/CVE-2014-6469 https://access.redhat.com/security/cve/CVE-2014-6484 https://access.redhat.com/security/cve/CVE-2014-6505 https://access.redhat.com/security/cve/CVE-2014-6507 https://access.redhat.com/security/cve/CVE-2014-6520 https://access.redhat.com/security/cve/CVE-2014-6530 https://access.redhat.com/security/cve/CVE-2014-6551 https://access.redhat.com/security/cve/CVE-2014-6555 https://access.redhat.com/security/cve/CVE-2014-6559 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUadeuXlSAg2UNWIIRAq0FAKC2DOhAOg/q+zlOLLV3ztECJ+Gh0gCdEGtr rmT+kQlZKObKWBl1L2CyGEU= =yhRc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2384-1 October 15, 2014 mysql-5.5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in MySQL. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.12.04.1 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201411-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MySQL, MariaDB: Multiple vulnerabilities Date: November 05, 2014 Bugs: #525504 ID: 201411-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the MySQL and MariaDB, possibly allowing attackers to cause unspecified impact. MariaDB is an enhanced, drop-in replacement for MySQL. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/mysql < 5.5.40 >= 5.5.40 2 dev-db/mariadb < 5.5.40-r1 >= 5.5.40-r1 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All MySQL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40" All MariaDB users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1" References ========== [ 1 ] CVE-2014-6464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464 [ 2 ] CVE-2014-6469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469 [ 3 ] CVE-2014-6491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491 [ 4 ] CVE-2014-6494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494 [ 5 ] CVE-2014-6496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496 [ 6 ] CVE-2014-6500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500 [ 7 ] CVE-2014-6507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507 [ 8 ] CVE-2014-6555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555 [ 9 ] CVE-2014-6559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For the unstable distribution (sid), these problems will be fixed soon. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 3

Trust: 1.89

sources: NVD: CVE-2014-6559 // BID: 70487 // VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // PACKETSTORM: 129123 // PACKETSTORM: 129125 // PACKETSTORM: 128698 // PACKETSTORM: 128990 // PACKETSTORM: 128759 // PACKETSTORM: 129122

AFFECTED PRODUCTS

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:12

Trust: 1.0

vendor:oraclemodel:mysqlscope:lteversion:5.5.39

Trust: 1.0

vendor:mariadbmodel:mariadbscope:gteversion:10.0.0

Trust: 1.0

vendor:oraclemodel:mysqlscope:lteversion:5.6.20

Trust: 1.0

vendor:oraclemodel:mysqlscope:gteversion:5.5.0

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:12

Trust: 1.0

vendor:mariadbmodel:mariadbscope:ltversion:5.5.40

Trust: 1.0

vendor:susemodel:linux enterprise workstation extensionscope:eqversion:12

Trust: 1.0

vendor:mariadbmodel:mariadbscope:gteversion:5.5.0

Trust: 1.0

vendor:junipermodel:junos spacescope:lteversion:15.1

Trust: 1.0

vendor:oraclemodel:mysqlscope:gteversion:5.6.0

Trust: 1.0

vendor:mariadbmodel:mariadbscope:ltversion:10.0.15

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:12

Trust: 1.0

vendor:junipermodel:junos spacescope:eqversion:15.1

Trust: 0.6

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:5

Trust: 0.3

sources: BID: 70487 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6559
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201410-455
value: MEDIUM

Trust: 0.6

VULHUB: VHN-74503
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-6559
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-6559
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-74503
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-6559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-455

TYPE

Unknown

Trust: 0.3

sources: BID: 70487

PATCH

title:Oracle MySQL Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206017

Trust: 0.6

title:Red Hat: CVE-2014-6559url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-6559

Trust: 0.1

title:Amazon Linux AMI: ALAS-2014-428url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-428

Trust: 0.1

title:Ubuntu Security Notice: mysql-5.5 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2384-1

Trust: 0.1

title:Debian Security Advisories: DSA-3054-1 mysql-5.5 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=dc9d1bd54965b02ce0b328f02c7c1489

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=92308e3c4d305e91c2eba8c9c6835e83

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf

Trust: 0.1

sources: VULMON: CVE-2014-6559 // CNNVD: CNNVD-201410-455

EXTERNAL IDS

db:NVDid:CVE-2014-6559

Trust: 2.7

db:BIDid:70487

Trust: 2.1

db:SECUNIAid:62073

Trust: 1.8

db:SECUNIAid:61579

Trust: 1.8

db:JUNIPERid:JSA10698

Trust: 1.8

db:CNNVDid:CNNVD-201410-455

Trust: 0.7

db:VULHUBid:VHN-74503

Trust: 0.1

db:VULMONid:CVE-2014-6559

Trust: 0.1

db:PACKETSTORMid:129123

Trust: 0.1

db:PACKETSTORMid:129125

Trust: 0.1

db:PACKETSTORMid:128698

Trust: 0.1

db:PACKETSTORMid:128990

Trust: 0.1

db:PACKETSTORMid:128759

Trust: 0.1

db:PACKETSTORMid:129122

Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // BID: 70487 // PACKETSTORM: 129123 // PACKETSTORM: 129125 // PACKETSTORM: 128698 // PACKETSTORM: 128990 // PACKETSTORM: 128759 // PACKETSTORM: 129122 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Trust: 2.0

url:http://security.gentoo.org/glsa/glsa-201411-02.xml

Trust: 1.9

url:http://www.securityfocus.com/bid/70487

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 1.8

url:http://secunia.com/advisories/61579

Trust: 1.8

url:http://secunia.com/advisories/62073

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

Trust: 1.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10698

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-6469

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-6555

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-6464

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-6507

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-6559

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-6463

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6551

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6484

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-4274

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-4287

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6505

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6520

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6530

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2014-6559

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2014-6463

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-4260

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6551

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-2494

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-4274

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-4207

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-4243

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6505

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-4258

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#appendixmsql

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6464

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6484

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-4260

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-4287

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#appendixmsql

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-4258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-2494

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6507

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6530

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-4243

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6469

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6520

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-4207

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-6555

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-6491

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-6500

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-6496

Trust: 0.3

url:http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-6494

Trust: 0.3

url:https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-6478

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-6495

Trust: 0.2

url:http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-5615

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:http://kb.juniper.net/infocenter/index?page=content&amp;id=jsa10698

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2014-6559

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2384-1/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36083

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-1861.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-1862.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.14.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.12.04.1

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2384-1

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6559

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6507

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6500

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6464

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6494

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6491

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6555

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6469

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6496

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-1859.html

Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // PACKETSTORM: 129123 // PACKETSTORM: 129125 // PACKETSTORM: 128698 // PACKETSTORM: 128990 // PACKETSTORM: 128759 // PACKETSTORM: 129122 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

CREDITS

Oracle

Trust: 0.3

sources: BID: 70487

SOURCES

db:VULHUBid:VHN-74503
db:VULMONid:CVE-2014-6559
db:BIDid:70487
db:PACKETSTORMid:129123
db:PACKETSTORMid:129125
db:PACKETSTORMid:128698
db:PACKETSTORMid:128990
db:PACKETSTORMid:128759
db:PACKETSTORMid:129122
db:CNNVDid:CNNVD-201410-455
db:NVDid:CVE-2014-6559

LAST UPDATE DATE

2026-07-10T19:57:00.278000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-74503date:2018-12-18T00:00:00
db:VULMONid:CVE-2014-6559date:2022-08-29T00:00:00
db:BIDid:70487date:2015-07-15T01:04:00
db:CNNVDid:CNNVD-201410-455date:2022-08-30T00:00:00
db:NVDid:CVE-2014-6559date:2026-06-17T00:13:21.023

SOURCES RELEASE DATE

db:VULHUBid:VHN-74503date:2014-10-15T00:00:00
db:VULMONid:CVE-2014-6559date:2014-10-15T00:00:00
db:BIDid:70487date:2014-10-14T00:00:00
db:PACKETSTORMid:129123date:2014-11-17T17:10:27
db:PACKETSTORMid:129125date:2014-11-17T17:12:07
db:PACKETSTORMid:128698date:2014-10-15T23:08:56
db:PACKETSTORMid:128990date:2014-11-06T17:09:34
db:PACKETSTORMid:128759date:2014-10-21T00:40:52
db:PACKETSTORMid:129122date:2014-11-17T17:09:19
db:CNNVDid:CNNVD-201410-455date:2014-10-17T00:00:00
db:NVDid:CVE-2014-6559date:2014-10-15T22:55:08.390