Is Spectrum impacted by these MySQL Vulnerabilities?


Article ID: 36830


Products

CA Spectrum

Issue/Introduction

Multiple vulnerabilities were reported in MySQL. A remote user can access data on the target system. A remote authenticated user can modify data on the target system. A remote user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. 
 

Is Spectrum affected by the following MySQL vulnerabilities?

Affected Technology: MySQL
Vulnerability Severity: Medium
Reference: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html


A local user can exploit a flaw in the Client component to gain elevated privileges [CVE-2016-0546].

A remote authenticated user can exploit a flaw in the Server: DML component to cause denial of service conditions [CVE-2016-0504].

A remote authenticated user can exploit a flaw in the Server: Options component to cause denial of service conditions [CVE-2016-0505].

A remote authenticated user can exploit a flaw in the Server: DML component to cause partial denial of service conditions [CVE-2016-0503, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596].

A remote authenticated user can exploit a flaw in the Server: Optimizer component to cause partial denial of service conditions [CVE-2016-0502, CVE-2016-0597, CVE-2016-0599, CVE-2016-0611, CVE-2016-0616].

A remote authenticated user can exploit a flaw in the Server: DML component to cause partial denial of service conditions [CVE-2016-0598].

A remote authenticated user can exploit a flaw in the Server: InnoDB component to cause partial denial of service conditions [CVE-2016-0600, CVE-2016-0610].

A remote authenticated user can exploit a flaw in the Server: Partition component to cause partial denial of service conditions [CVE-2016-0601].

A remote authenticated user can exploit a flaw in the Server: Security: Encryption component to partially modify data [CVE-2016-0606].

A remote authenticated user can exploit a flaw in the Server: UDF component to cause partial denial of service conditions [CVE-2016-0608].

A remote user can exploit a flaw in the Server: Replication component to cause partial denial of service conditions [CVE-2016-0607].

A remote user can exploit a flaw in the Server: Security: Encryption component to partially access data [CVE-2015-7744].

A remote authenticated user can exploit a flaw in the Server: General component to cause partial denial of service conditions [CVE-2016-0605].

A remote user can exploit a flaw in the Server: Security: Privileges component to cause partial denial of service conditions [CVE-2016-0609].

Impact(s):
A remote user can partially access data on the target system.

A remote authenticated user can partially modify data on the target system.

A remote user can cause partial denial of service conditions.

A local user can obtain elevated privileges on the target system.

CVE:
CVE-2015-7744, CVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0616 

Environment

Affected OS(s):
Linux (Any), UNIX (Any), Windows (Any)

Affected MySQL Version(s):
5.5.46 and prior, 5.6.27 and prior, 5.7.9 
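
The following is an added example, not code from this article or from CA Spectrum: it classifies a MySQL version string against the affected versions listed above. It assumes that "and prior" means earlier patch releases of the same series; the function name, status labels and sample strings are constructed for illustration.

```python
import re

# Affected MySQL versions exactly as this page lists them. Reading "and prior"
# as "earlier patch releases of the same series" is an assumption.
AFFECTED = {
    (5, 5): lambda patch: patch <= 46,  # 5.5.46 and prior
    (5, 6): lambda patch: patch <= 27,  # 5.6.27 and prior
    (5, 7): lambda patch: patch == 9,   # 5.7.9
}

# Three-part version not glued to other digits, so the two-part client
# number in "Ver 14.14 Distrib 5.6.27" is skipped.
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def classify(version_text):
    """Return 'affected', 'not-listed' or 'unknown' for a version string."""
    if "mariadb" in version_text.lower():
        return "unknown"  # the page's ranges describe Oracle MySQL only
    match = _VERSION.search(version_text)
    if match is None:
        return "unknown"  # nothing that looks like a MySQL version
    major, minor, patch = (int(part) for part in match.groups())
    in_range = AFFECTED.get((major, minor))
    if in_range is None:
        return "not-listed"  # release series not mentioned on this page
    return "affected" if in_range(patch) else "not-listed"


# Constructed sample strings in the shapes `SELECT VERSION()` and
# `mysql --version` produce; none come from a real Spectrum host.
SAMPLES = [
    "5.5.46-log",
    "mysql  Ver 14.14 Distrib 5.6.27, for Linux (x86_64)",
    "5.6.28",
    "5.7.9",
    "10.1.48-MariaDB",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):<11} {sample}")
```

A result of 'not-listed' means only that this page does not name the version; it is not a statement that the version is free of these flaws.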
 

Resolution

These vulnerabilities have been addressed in Spectrum 10.2 and above.

Additional Information

These vulnerabilities are reported at "MySQL Multiple Bugs Let Remote Users Access Data and Deny Service, Remote Authenticated Users Modify Data, and Local Users Gain Elevated Privileges".