Is Spectrum impacted by these MySQL Vulnerabilties?

Article Id: 36830
Status: Published
Updated On: 01-05-2019 06:37
Legacy Id: TEC1815593
Products:
CA Spectrum - OneClick , CA Spectrum - Reporting , CA Spectrum - Integrations , CA Spectrum - Alarms & Event Management
Issue/Introduction:

Multiple vulnerabilities were reported in MySQL. A remote user can access data on the target system. A remote authenticated user can modify data on the target system. A remote user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. 
 

Is Spectrum affected by the following MYSQL Vulnerabilities?

Affected Technology: MySQL
Vulnerability Severity: Medium
Reference: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html


A local user can exploit a flaw in the Client component to gain elevated privileges [CVE-2016-0546].

A remote authenticated user can exploit a flaw in the Server: DML component to cause denial of service conditions [CVE-2016-0504].

A remote authenticated user can exploit a flaw in the Server: Options component to cause denial of service conditions [CVE-2016-0505].

A remote authenticated user can exploit a flaw in the Server: DML component to cause partial denial of service conditions [CVE-2016-0503], CVE-2016-0594, CVE-2016-0595, CVE-2016-0596].

A remote authenticated user can exploit a flaw in the Server: Optimizer component to cause partial denial of service conditions [CVE-2016-0502, CVE-2016-0597, CVE-2016-0599, CVE-2016-0611, CVE-2016-0616].

A remote authenticated user can exploit a flaw in the Server: DML component to cause partial denial of service conditions [CVE-2016-0598].

A remote authenticated user can exploit a flaw in the Server: InnoDB component to cause partial denial of service conditions [CVE-2016-0600, CVE-2016-0610].

A remote authenticated user can exploit a flaw in the Server: Partition component to cause partial denial of service conditions [CVE-2016-0601].

A remote authenticated user can exploit a flaw in the Server: Security: Encryption component to partially modify data [CVE-2016-0606].

A remote authenticated user can exploit a flaw in the Server: UDF component to cause partial denial of service conditions [CVE-2016-0608].

A remote user can exploit a flaw in the Server: Replication component to cause partial denial of service conditions [CVE-2016-0607].

A remote user can exploit a flaw in the Server: Security: Encryption component to partially access data [CVE-2015-7744].

A remote authenticated user can exploit a flaw in the Server: General component to cause partial denial of service conditions [CVE-2016-0605].

A remote user can exploit a flaw in the Server: Security: Privileges component to cause partial denial of service conditions [CVE-2016-0609].

Impact(s):
A remote user can partial access data on the target system.

A remote authenticated user can partially modify data on the target system.

A remote user can cause partial denial of service conditions.

A local user can obtain elevated privileges on the target system.

CVE:
CVE-2015-7744, CVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0616 

Environment:

Affected OS(s):
Linux (Any), UNIX (Any), Windows (Any)

Affected MYSQL Version(s):
5.5.46 and prior, 5.6.27 and prior, 5.7.9 
 

Resolution:

These vulnerabilities have been addressed in Spectrum 10.2 and above.

Additional Information:

These vulnerabilities are reported at MySQL Multiple Bugs Let Remote Users Access Data and Deny Service, Remote Authenticated Users Modify Data, and Local Users Gain Elevated Privileges.