Details of VAR-201410-0859

ID

VAR-201410-0859

CVE

CVE-2014-6559

TITLE

Oracle MySQL of MySQL Server In C API SSL CERTIFICATE HANDLING Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004803

DESCRIPTION

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Oracle MySQL Server is prone to a remote security vulnerability. The vulnerability can be exploited over the 'MySQL Protocol' protocol. This vulnerability affects the following supported versions: 5.5.39 and earlier, 5.6.20 and earlier. The database system has the characteristics of high performance, low cost and good reliability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mariadb security update Advisory ID: RHSA-2014:1861-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1861.html Issue date: 2014-11-17 CVE Names: CVE-2014-2494 CVE-2014-4207 CVE-2014-4243 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 ===================================================================== 1. Summary: Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559) These updated packages upgrade MariaDB to version 5.5.40. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1120382 - CVE-2014-2494 mysql: unspecified vulnerability related to ENARC (CPU July 2014) 1120383 - CVE-2014-4207 mysql: unspecified vulnerability related to SROPTZR (CPU July 2014) 1120385 - CVE-2014-4243 mysql: unspecified vulnerability related to ENFED (CPU July 2014) 1120387 - CVE-2014-4258 mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014) 1120388 - CVE-2014-4260 mysql: unspecified vulnerability related to SRCHAR (CPU July 2014) 1126271 - CVE-2014-4274 mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20 1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014) 1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014) 1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014) 1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014) 1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014) 1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014) 1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014) 1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014) 1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014) 1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: mariadb-5.5.40-1.el7_0.src.rpm x86_64: mariadb-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-libs-5.5.40-1.el7_0.i686.rpm mariadb-libs-5.5.40-1.el7_0.x86_64.rpm mariadb-server-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: mariadb-bench-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-devel-5.5.40-1.el7_0.i686.rpm mariadb-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-5.5.40-1.el7_0.i686.rpm mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-test-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: mariadb-5.5.40-1.el7_0.src.rpm x86_64: mariadb-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-libs-5.5.40-1.el7_0.i686.rpm mariadb-libs-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: mariadb-bench-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-devel-5.5.40-1.el7_0.i686.rpm mariadb-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-5.5.40-1.el7_0.i686.rpm mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-server-5.5.40-1.el7_0.x86_64.rpm mariadb-test-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: mariadb-5.5.40-1.el7_0.src.rpm ppc64: mariadb-5.5.40-1.el7_0.ppc64.rpm mariadb-bench-5.5.40-1.el7_0.ppc64.rpm mariadb-debuginfo-5.5.40-1.el7_0.ppc.rpm mariadb-debuginfo-5.5.40-1.el7_0.ppc64.rpm mariadb-devel-5.5.40-1.el7_0.ppc.rpm mariadb-devel-5.5.40-1.el7_0.ppc64.rpm mariadb-libs-5.5.40-1.el7_0.ppc.rpm mariadb-libs-5.5.40-1.el7_0.ppc64.rpm mariadb-server-5.5.40-1.el7_0.ppc64.rpm mariadb-test-5.5.40-1.el7_0.ppc64.rpm s390x: mariadb-5.5.40-1.el7_0.s390x.rpm mariadb-bench-5.5.40-1.el7_0.s390x.rpm mariadb-debuginfo-5.5.40-1.el7_0.s390.rpm mariadb-debuginfo-5.5.40-1.el7_0.s390x.rpm mariadb-devel-5.5.40-1.el7_0.s390.rpm mariadb-devel-5.5.40-1.el7_0.s390x.rpm mariadb-libs-5.5.40-1.el7_0.s390.rpm mariadb-libs-5.5.40-1.el7_0.s390x.rpm mariadb-server-5.5.40-1.el7_0.s390x.rpm mariadb-test-5.5.40-1.el7_0.s390x.rpm x86_64: mariadb-5.5.40-1.el7_0.x86_64.rpm mariadb-bench-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-devel-5.5.40-1.el7_0.i686.rpm mariadb-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-libs-5.5.40-1.el7_0.i686.rpm mariadb-libs-5.5.40-1.el7_0.x86_64.rpm mariadb-server-5.5.40-1.el7_0.x86_64.rpm mariadb-test-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: mariadb-debuginfo-5.5.40-1.el7_0.ppc.rpm mariadb-debuginfo-5.5.40-1.el7_0.ppc64.rpm mariadb-embedded-5.5.40-1.el7_0.ppc.rpm mariadb-embedded-5.5.40-1.el7_0.ppc64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.ppc.rpm mariadb-embedded-devel-5.5.40-1.el7_0.ppc64.rpm s390x: mariadb-debuginfo-5.5.40-1.el7_0.s390.rpm mariadb-debuginfo-5.5.40-1.el7_0.s390x.rpm mariadb-embedded-5.5.40-1.el7_0.s390.rpm mariadb-embedded-5.5.40-1.el7_0.s390x.rpm mariadb-embedded-devel-5.5.40-1.el7_0.s390.rpm mariadb-embedded-devel-5.5.40-1.el7_0.s390x.rpm x86_64: mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-5.5.40-1.el7_0.i686.rpm mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: mariadb-5.5.40-1.el7_0.src.rpm x86_64: mariadb-5.5.40-1.el7_0.x86_64.rpm mariadb-bench-5.5.40-1.el7_0.x86_64.rpm mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-devel-5.5.40-1.el7_0.i686.rpm mariadb-devel-5.5.40-1.el7_0.x86_64.rpm mariadb-libs-5.5.40-1.el7_0.i686.rpm mariadb-libs-5.5.40-1.el7_0.x86_64.rpm mariadb-server-5.5.40-1.el7_0.x86_64.rpm mariadb-test-5.5.40-1.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: mariadb-debuginfo-5.5.40-1.el7_0.i686.rpm mariadb-debuginfo-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-5.5.40-1.el7_0.i686.rpm mariadb-embedded-5.5.40-1.el7_0.x86_64.rpm mariadb-embedded-devel-5.5.40-1.el7_0.i686.rpm mariadb-embedded-devel-5.5.40-1.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-2494 https://access.redhat.com/security/cve/CVE-2014-4207 https://access.redhat.com/security/cve/CVE-2014-4243 https://access.redhat.com/security/cve/CVE-2014-4258 https://access.redhat.com/security/cve/CVE-2014-4260 https://access.redhat.com/security/cve/CVE-2014-4274 https://access.redhat.com/security/cve/CVE-2014-4287 https://access.redhat.com/security/cve/CVE-2014-6463 https://access.redhat.com/security/cve/CVE-2014-6464 https://access.redhat.com/security/cve/CVE-2014-6469 https://access.redhat.com/security/cve/CVE-2014-6484 https://access.redhat.com/security/cve/CVE-2014-6505 https://access.redhat.com/security/cve/CVE-2014-6507 https://access.redhat.com/security/cve/CVE-2014-6520 https://access.redhat.com/security/cve/CVE-2014-6530 https://access.redhat.com/security/cve/CVE-2014-6551 https://access.redhat.com/security/cve/CVE-2014-6555 https://access.redhat.com/security/cve/CVE-2014-6559 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUadeuXlSAg2UNWIIRAq0FAKC2DOhAOg/q+zlOLLV3ztECJ+Gh0gCdEGtr rmT+kQlZKObKWBl1L2CyGEU= =yhRc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2384-1 October 15, 2014 mysql-5.5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in MySQL. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.12.04.1 In general, a standard system update will make all the necessary changes. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.40-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-5.5.40-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-5.5.40-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.1 package: da0aff5bebbbdc0621359c0fea027ae6 mariadb-5.5.40-i486-1_slack14.1.txz Slackware x86_64 14.1 package: dbb7d695a22ae538b5ad9c024823b190 mariadb-5.5.40-x86_64-1_slack14.1.txz Slackware -current package: f9ca4cf6015ddbb73dfba16c535caffc ap/mariadb-5.5.40-i486-1.txz Slackware x86_64 -current package: 6924f64b6c147556a58a2c6f1929ab5e ap/mariadb-5.5.40-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mariadb-5.5.40-i486-1_slack14.1.txz Then, restart the database server: # sh /etc/rc.d/rc.mysqld restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201411-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MySQL, MariaDB: Multiple vulnerabilities Date: November 05, 2014 Bugs: #525504 ID: 201411-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the MySQL and MariaDB, possibly allowing attackers to cause unspecified impact. MariaDB is an enhanced, drop-in replacement for MySQL. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/mysql < 5.5.40 >= 5.5.40 2 dev-db/mariadb < 5.5.40-r1 >= 5.5.40-r1 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All MySQL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40" All MariaDB users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1" References ========== [ 1 ] CVE-2014-6464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464 [ 2 ] CVE-2014-6469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469 [ 3 ] CVE-2014-6491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491 [ 4 ] CVE-2014-6494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494 [ 5 ] CVE-2014-6496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496 [ 6 ] CVE-2014-6500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500 [ 7 ] CVE-2014-6507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507 [ 8 ] CVE-2014-6555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555 [ 9 ] CVE-2014-6559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For the unstable distribution (sid), these problems will be fixed soon. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 3

Trust: 2.79

sources: NVD: CVE-2014-6559 // JVNDB: JVNDB-2014-004803 // BID: 70487 // VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // PACKETSTORM: 129123 // PACKETSTORM: 129125 // PACKETSTORM: 128698 // PACKETSTORM: 128950 // PACKETSTORM: 128990 // PACKETSTORM: 129124 // PACKETSTORM: 128759 // PACKETSTORM: 129122

AFFECTED PRODUCTS

vendor:	oracle	model:	mysql	scope:	lte	version:	5.5.39	Trust: 1.8
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.20	Trust: 1.8
vendor:	mariadb	model:	mariadb	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lte	version:	15.1	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 1.0
vendor:	suse	model:	linux enterprise workstation extension	scope:	eq	version:	12	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.0.15	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	5.5.40	Trust: 1.0
vendor:	mysql ab	model:	mysql	scope:	lte	version:	5.5.9	Trust: 0.8
vendor:	juniper	model:	junos space	scope:	eq	version:	15.1	Trust: 0.6
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	5	Trust: 0.3

sources: BID: 70487 // JVNDB: JVNDB-2014-004803 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-6559
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-6559
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-455
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-74503
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-6559
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-6559
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-74503
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // JVNDB: JVNDB-2014-004803 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-6559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-455

TYPE

Unknown

Trust: 0.3

sources: BID: 70487

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004803

PATCH

title:	Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2014	url:	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - October 2015	url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Trust: 0.8
title:	October 2014 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/october_2014_critical_patch_update	Trust: 0.8
title:	JSA10698	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698&actp=search	Trust: 0.8
title:	Oracle MySQL Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206017	Trust: 0.6
title:	Red Hat: CVE-2014-6559	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-6559	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2014-428	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-428	Trust: 0.1
title:	Ubuntu Security Notice: mysql-5.5 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2384-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3054-1 mysql-5.5 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=dc9d1bd54965b02ce0b328f02c7c1489	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=92308e3c4d305e91c2eba8c9c6835e83	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf	Trust: 0.1

sources: VULMON: CVE-2014-6559 // JVNDB: JVNDB-2014-004803 // CNNVD: CNNVD-201410-455

EXTERNAL IDS

db:	NVD	id:	CVE-2014-6559	Trust: 3.7
db:	BID	id:	70487	Trust: 2.1
db:	SECUNIA	id:	62073	Trust: 1.8
db:	SECUNIA	id:	61579	Trust: 1.8
db:	JUNIPER	id:	JSA10698	Trust: 1.8
db:	JVNDB	id:	JVNDB-2014-004803	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-455	Trust: 0.7
db:	VULHUB	id:	VHN-74503	Trust: 0.1
db:	VULMON	id:	CVE-2014-6559	Trust: 0.1
db:	PACKETSTORM	id:	129123	Trust: 0.1
db:	PACKETSTORM	id:	129125	Trust: 0.1
db:	PACKETSTORM	id:	128698	Trust: 0.1
db:	PACKETSTORM	id:	128950	Trust: 0.1
db:	PACKETSTORM	id:	128990	Trust: 0.1
db:	PACKETSTORM	id:	129124	Trust: 0.1
db:	PACKETSTORM	id:	128759	Trust: 0.1
db:	PACKETSTORM	id:	129122	Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // BID: 70487 // JVNDB: JVNDB-2014-004803 // PACKETSTORM: 129123 // PACKETSTORM: 129125 // PACKETSTORM: 128698 // PACKETSTORM: 128950 // PACKETSTORM: 128990 // PACKETSTORM: 129124 // PACKETSTORM: 128759 // PACKETSTORM: 129122 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

REFERENCES

url:	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Trust: 2.0
url:	http://security.gentoo.org/glsa/glsa-201411-02.xml	Trust: 1.9
url:	http://www.securityfocus.com/bid/70487	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Trust: 1.8
url:	http://secunia.com/advisories/61579	Trust: 1.8
url:	http://secunia.com/advisories/62073	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html	Trust: 1.8
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6559	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6559	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6469	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6555	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6464	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6507	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6559	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6463	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6551	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6484	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4274	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4287	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6505	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6520	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6530	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2014-6559	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2014-6463	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4260	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6551	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-2494	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4274	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4207	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4243	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6505	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4258	Trust: 0.4
url:	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#appendixmsql	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6464	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6484	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4260	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-4287	Trust: 0.4
url:	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#appendixmsql	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4258	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-2494	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6507	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6530	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4243	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6469	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6520	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4207	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2014-6555	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6491	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6500	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6496	Trust: 0.4
url:	http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6494	Trust: 0.4
url:	https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6478	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6495	Trust: 0.2
url:	http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-5615	Trust: 0.2
url:	http://www.debian.org/security/	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2014-6559	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/2384-1/	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36083	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1861.html	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1862.html	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.14.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.12.04.1	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-2384-1	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6555	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6496	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6507	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6500	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6491	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6469	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6494	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6464	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6559	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6507	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6500	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6464	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6494	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6491	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6469	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6496	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1860.html	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1859.html	Trust: 0.1

sources: VULHUB: VHN-74503 // VULMON: CVE-2014-6559 // JVNDB: JVNDB-2014-004803 // PACKETSTORM: 129123 // PACKETSTORM: 129125 // PACKETSTORM: 128698 // PACKETSTORM: 128950 // PACKETSTORM: 128990 // PACKETSTORM: 129124 // PACKETSTORM: 128759 // PACKETSTORM: 129122 // CNNVD: CNNVD-201410-455 // NVD: CVE-2014-6559

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 129123 // PACKETSTORM: 129125 // PACKETSTORM: 129124 // PACKETSTORM: 129122

SOURCES

db:	VULHUB	id:	VHN-74503
db:	VULMON	id:	CVE-2014-6559
db:	BID	id:	70487
db:	JVNDB	id:	JVNDB-2014-004803
db:	PACKETSTORM	id:	129123
db:	PACKETSTORM	id:	129125
db:	PACKETSTORM	id:	128698
db:	PACKETSTORM	id:	128950
db:	PACKETSTORM	id:	128990
db:	PACKETSTORM	id:	129124
db:	PACKETSTORM	id:	128759
db:	PACKETSTORM	id:	129122
db:	CNNVD	id:	CNNVD-201410-455
db:	NVD	id:	CVE-2014-6559

LAST UPDATE DATE

2025-01-03T20:00:04.664000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-74503	date:	2018-12-18T00:00:00
db:	VULMON	id:	CVE-2014-6559	date:	2022-08-29T00:00:00
db:	BID	id:	70487	date:	2015-07-15T01:04:00
db:	JVNDB	id:	JVNDB-2014-004803	date:	2015-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201410-455	date:	2022-08-30T00:00:00
db:	NVD	id:	CVE-2014-6559	date:	2024-11-21T02:14:39.137

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-74503	date:	2014-10-15T00:00:00
db:	VULMON	id:	CVE-2014-6559	date:	2014-10-15T00:00:00
db:	BID	id:	70487	date:	2014-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-004803	date:	2014-10-20T00:00:00
db:	PACKETSTORM	id:	129123	date:	2014-11-17T17:10:27
db:	PACKETSTORM	id:	129125	date:	2014-11-17T17:12:07
db:	PACKETSTORM	id:	128698	date:	2014-10-15T23:08:56
db:	PACKETSTORM	id:	128950	date:	2014-11-04T18:10:24
db:	PACKETSTORM	id:	128990	date:	2014-11-06T17:09:34
db:	PACKETSTORM	id:	129124	date:	2014-11-17T17:11:24
db:	PACKETSTORM	id:	128759	date:	2014-10-21T00:40:52
db:	PACKETSTORM	id:	129122	date:	2014-11-17T17:09:19
db:	CNNVD	id:	CNNVD-201410-455	date:	2014-10-17T00:00:00
db:	NVD	id:	CVE-2014-6559	date:	2014-10-15T22:55:08.390