ID

VAR-201504-0166


CVE

CVE-2015-0501


TITLE

Oracle MySQL Server Server:Compiling Subcomponent Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201504-343

DESCRIPTION

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

The vulnerability can be exploited over the 'MySQL Protocol' protocol. The 'Server : Compiling' sub component is affected. This vulnerability affects the following supported versions: 5.5.42 and earlier, 5.6.23 and earlier.

The database system has the characteristics of high performance, low cost and good reliability. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability.

The verification of md5 checksums and GPG signatures is performed automatically for you.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz: Upgraded.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2568
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2573
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0433
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
  (* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.43-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.43-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.0.18-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.0.18-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
# upgradepkg mariadb-5.5.43-i486-1_slack14.1.txz

Then, restart the database server:
# sh /etc/rc.d/rc.mysqld restart

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

For the upcoming stable distribution (jessie), these problems will be fixed in version 5.5.43-0+deb8u1.
Red Hat Security Advisory

Synopsis: Moderate: mariadb security update
Advisory ID: RHSA-2015:1665-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1665.html
Issue date: 2015-08-24
CVE Names: CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757

1. Summary:

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)
1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)
1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)
1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.44-1.el7_1.src.rpm

x86_64:
mariadb-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-libs-5.5.44-1.el7_1.i686.rpm
mariadb-libs-5.5.44-1.el7_1.x86_64.rpm
mariadb-server-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-devel-5.5.44-1.el7_1.i686.rpm
mariadb-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-test-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.44-1.el7_1.src.rpm

x86_64:
mariadb-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-libs-5.5.44-1.el7_1.i686.rpm
mariadb-libs-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-devel-5.5.44-1.el7_1.i686.rpm
mariadb-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-server-5.5.44-1.el7_1.x86_64.rpm
mariadb-test-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.44-1.el7_1.src.rpm

ppc64:
mariadb-5.5.44-1.el7_1.ppc64.rpm
mariadb-bench-5.5.44-1.el7_1.ppc64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm
mariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm
mariadb-devel-5.5.44-1.el7_1.ppc.rpm
mariadb-devel-5.5.44-1.el7_1.ppc64.rpm
mariadb-libs-5.5.44-1.el7_1.ppc.rpm
mariadb-libs-5.5.44-1.el7_1.ppc64.rpm
mariadb-server-5.5.44-1.el7_1.ppc64.rpm
mariadb-test-5.5.44-1.el7_1.ppc64.rpm

s390x:
mariadb-5.5.44-1.el7_1.s390x.rpm
mariadb-bench-5.5.44-1.el7_1.s390x.rpm
mariadb-debuginfo-5.5.44-1.el7_1.s390.rpm
mariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm
mariadb-devel-5.5.44-1.el7_1.s390.rpm
mariadb-devel-5.5.44-1.el7_1.s390x.rpm
mariadb-libs-5.5.44-1.el7_1.s390.rpm
mariadb-libs-5.5.44-1.el7_1.s390x.rpm
mariadb-server-5.5.44-1.el7_1.s390x.rpm
mariadb-test-5.5.44-1.el7_1.s390x.rpm

x86_64:
mariadb-5.5.44-1.el7_1.x86_64.rpm
mariadb-bench-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-devel-5.5.44-1.el7_1.i686.rpm
mariadb-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-libs-5.5.44-1.el7_1.i686.rpm
mariadb-libs-5.5.44-1.el7_1.x86_64.rpm
mariadb-server-5.5.44-1.el7_1.x86_64.rpm
mariadb-test-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.44-1.ael7b_1.src.rpm

ppc64le:
mariadb-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-bench-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-devel-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-libs-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-server-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-test-5.5.44-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm
mariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm
mariadb-embedded-5.5.44-1.el7_1.ppc.rpm
mariadb-embedded-5.5.44-1.el7_1.ppc64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.ppc.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.ppc64.rpm

s390x:
mariadb-debuginfo-5.5.44-1.el7_1.s390.rpm
mariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm
mariadb-embedded-5.5.44-1.el7_1.s390.rpm
mariadb-embedded-5.5.44-1.el7_1.s390x.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.s390.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
mariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-embedded-5.5.44-1.ael7b_1.ppc64le.rpm
mariadb-embedded-devel-5.5.44-1.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.44-1.el7_1.src.rpm

x86_64:
mariadb-5.5.44-1.el7_1.x86_64.rpm
mariadb-bench-5.5.44-1.el7_1.x86_64.rpm
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-devel-5.5.44-1.el7_1.i686.rpm
mariadb-devel-5.5.44-1.el7_1.x86_64.rpm
mariadb-libs-5.5.44-1.el7_1.i686.rpm
mariadb-libs-5.5.44-1.el7_1.x86_64.rpm
mariadb-server-5.5.44-1.el7_1.x86_64.rpm
mariadb-test-5.5.44-1.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm
mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm
mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-0433
https://access.redhat.com/security/cve/CVE-2015-0441
https://access.redhat.com/security/cve/CVE-2015-0499
https://access.redhat.com/security/cve/CVE-2015-0501
https://access.redhat.com/security/cve/CVE-2015-0505
https://access.redhat.com/security/cve/CVE-2015-2568
https://access.redhat.com/security/cve/CVE-2015-2571
https://access.redhat.com/security/cve/CVE-2015-2573
https://access.redhat.com/security/cve/CVE-2015-2582
https://access.redhat.com/security/cve/CVE-2015-2620
https://access.redhat.com/security/cve/CVE-2015-2643
https://access.redhat.com/security/cve/CVE-2015-2648
https://access.redhat.com/security/cve/CVE-2015-3152
https://access.redhat.com/security/cve/CVE-2015-4737
https://access.redhat.com/security/cve/CVE-2015-4752
https://access.redhat.com/security/cve/CVE-2015-4757
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

Trust: 1.89

sources: NVD: CVE-2015-0501 // BID: 74070 // VULHUB: VHN-78447 // PACKETSTORM: 132747 // PACKETSTORM: 133091 // PACKETSTORM: 131760 // PACKETSTORM: 131866 // PACKETSTORM: 131862 // PACKETSTORM: 131519 // PACKETSTORM: 133276

AFFECTED PRODUCTS

vendor: redhat | model: enterprise linux server | scope: eq | version: 5.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 12.04

Trust: 1.0

vendor: redhat | model: enterprise linux server tus | scope: eq | version: 7.7

Trust: 1.0

vendor: juniper | model: junos space | scope: lte | version: 15.1

Trust: 1.0

vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.2

Trust: 1.0

vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.6

Trust: 1.0

vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.4

Trust: 1.0

vendor: redhat | model: enterprise linux server tus | scope: eq | version: 7.6

Trust: 1.0

vendor: redhat | model: enterprise linux workstation | scope: eq | version: 7.0

Trust: 1.0

vendor: oracle | model: mysql | scope: gte | version: 5.5.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 14.10

Trust: 1.0

vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.5

Trust: 1.0

vendor: redhat | model: enterprise linux server | scope: eq | version: 7.0

Trust: 1.0

vendor: redhat | model: enterprise linux server aus | scope: eq | version: 7.7

Trust: 1.0

vendor: oracle | model: mysql | scope: lte | version: 5.6.23

Trust: 1.0

vendor: oracle | model: mysql | scope: lte | version: 5.5.42

Trust: 1.0

vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.3

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 7.0

Trust: 1.0

vendor: mariadb | model: mariadb | scope: lt | version: 5.5.43

Trust: 1.0

vendor: mariadb | model: mariadb | scope: gte | version: 5.5.0

Trust: 1.0

vendor: redhat | model: enterprise linux server aus | scope: eq | version: 7.6

Trust: 1.0

vendor: redhat | model: enterprise linux server tus | scope: eq | version: 7.3

Trust: 1.0

vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.1

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 14.04

Trust: 1.0

vendor: redhat | model: enterprise linux server aus | scope: eq | version: 7.4

Trust: 1.0

vendor: redhat | model: enterprise linux desktop | scope: eq | version: 5.0

Trust: 1.0

vendor: suse | model: linux enterprise server | scope: eq | version: 11

Trust: 1.0

vendor: mariadb | model: mariadb | scope: gte | version: 10.0.0

Trust: 1.0

vendor: suse | model: linux enterprise desktop | scope: eq | version: 11

Trust: 1.0

vendor: suse | model: linux enterprise software development kit | scope: eq | version: 11

Trust: 1.0

vendor: oracle | model: mysql | scope: gte | version: 5.6.0

Trust: 1.0

vendor: redhat | model: enterprise linux desktop | scope: eq | version: 7.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 8.0

Trust: 1.0

vendor: redhat | model: enterprise linux server aus | scope: eq | version: 7.3

Trust: 1.0

vendor: mariadb | model: mariadb | scope: lt | version: 10.0.18

Trust: 1.0

vendor: redhat | model: enterprise linux eus | scope: eq | version: 7.7

Trust: 1.0

vendor: redhat | model: enterprise linux workstation | scope: eq | version: 5.0

Trust: 1.0

vendor: oracle | model: mysql | scope: eq | version: 5.6.23

Trust: 0.6

vendor: oracle | model: mysql | scope: eq | version: 5.5.42

Trust: 0.6

vendor: ubuntu | model: linux lts i386 | scope: eq | version: 12.04

Trust: 0.3

vendor: ubuntu | model: linux lts amd64 | scope: eq | version: 12.04

Trust: 0.3

vendor: slackware | model: linux x86 64 -current | scope: - | version: -

Trust: 0.3

vendor: slackware | model: linux -current | scope: - | version: -

Trust: 0.3

vendor: redhat | model: enterprise linux desktop workstation client | scope: eq | version: 5

Trust: 0.3

vendor: red | model: hat enterprise linux desktop client | scope: eq | version: 5

Trust: 0.3

vendor: red | model: hat enterprise linux server | scope: eq | version: 5

Trust: 0.3

vendor: oracle | model: enterprise linux | scope: eq | version: 5

Trust: 0.3

vendor: gentoo | model: linux | scope: - | version: -

Trust: 0.3

vendor: debian | model: linux sparc | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux s/390 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux powerpc | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux mips | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux ia-64 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux ia-32 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux arm | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux amd64 | scope: eq | version: 6.0

Trust: 0.3

vendor: centos | model: centos | scope: eq | version: 5

Trust: 0.3

sources: BID: 74070 // CNNVD: CNNVD-201504-343 // NVD: CVE-2015-0501

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0501
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201504-343
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78447
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0501
severity: MEDIUM
baseScore: 5.7
vectorString: AV:N/AC:M/AU:M/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-78447
severity: MEDIUM
baseScore: 5.7
vectorString: AV:N/AC:M/AU:M/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78447 // CNNVD: CNNVD-201504-343 // NVD: CVE-2015-0501

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-0501

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-343

TYPE

Unknown

Trust: 0.3

sources: BID: 74070

PATCH

title: Oracle MySQL Server Server:Compiling Subcomponent denial of service vulnerability fixes | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89452

Trust: 0.6

sources: CNNVD: CNNVD-201504-343

EXTERNAL IDS

db: NVD | id: CVE-2015-0501

Trust: 2.7

db: SECTRACK | id: 1032121

Trust: 1.7

db: JUNIPER | id: JSA10698

Trust: 1.7

db: CNNVD | id: CNNVD-201504-343

Trust: 0.7

db: BID | id: 74070

Trust: 0.4

db: VULHUB | id: VHN-78447

Trust: 0.1

db: PACKETSTORM | id: 132747

Trust: 0.1

db: PACKETSTORM | id: 133091

Trust: 0.1

db: PACKETSTORM | id: 131760

Trust: 0.1

db: PACKETSTORM | id: 131866

Trust: 0.1

db: PACKETSTORM | id: 131862

Trust: 0.1

db: PACKETSTORM | id: 131519

Trust: 0.1

db: PACKETSTORM | id: 133276

Trust: 0.1

sources: VULHUB: VHN-78447 // BID: 74070 // PACKETSTORM: 132747 // PACKETSTORM: 133091 // PACKETSTORM: 131760 // PACKETSTORM: 131866 // PACKETSTORM: 131862 // PACKETSTORM: 131519 // PACKETSTORM: 133276 // CNNVD: CNNVD-201504-343 // NVD: CVE-2015-0501

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Trust: 1.8

url:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2015-1629.html

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2015-1665.html

Trust: 1.8

url:http://www.debian.org/security/2015/dsa-3229

Trust: 1.7

url:http://www.debian.org/security/2015/dsa-3311

Trust: 1.7

url:https://security.gentoo.org/glsa/201507-19

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:227

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2015-1628.html

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2015-1647.html

Trust: 1.7

url:http://www.securitytracker.com/id/1032121

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-2575-1

Trust: 1.7

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10698

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-2571

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-0501

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-0505

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-0499

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-2573

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-0441

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-2568

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-0433

Trust: 0.6

url:https://www.debian.org/security/

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#appendixmsql

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0499

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0501

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0505

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2571

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-3152

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-2568

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-4752

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-4757

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-2648

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-2643

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0501

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-2573

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0433

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-4737

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-2643

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-4757

Trust: 0.2

url:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#appendixmsql

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-2620

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-4737

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-2582

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0441

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0499

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-2582

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-2620

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-2648

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0505

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-2571

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-4752

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2568

Trust: 0.2

url:http://slackware.com

Trust: 0.2

url:http://slackware.com/gpg-key

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2573

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0433

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0441

Trust: 0.2

url:http://osuosl.org

Trust: 0.2

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10698

Trust: 0.1

url:https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/

Trust: 0.1

url:https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/

Trust: 0.1

url:https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/

Trust: 0.1

url:https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/

Trust: 0.1

url:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-43.html

Trust: 0.1

url:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3152

Trust: 0.1

url:https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/

Trust: 0.1

sources: VULHUB: VHN-78447 // PACKETSTORM: 132747 // PACKETSTORM: 133091 // PACKETSTORM: 131760 // PACKETSTORM: 131866 // PACKETSTORM: 131862 // PACKETSTORM: 131519 // PACKETSTORM: 133276 // CNNVD: CNNVD-201504-343 // NVD: CVE-2015-0501

CREDITS

Oracle

Trust: 0.3

sources: BID: 74070

SOURCES

db: VULHUB | id: VHN-78447
db: BID | id: 74070
db: PACKETSTORM | id: 132747
db: PACKETSTORM | id: 133091
db: PACKETSTORM | id: 131760
db: PACKETSTORM | id: 131866
db: PACKETSTORM | id: 131862
db: PACKETSTORM | id: 131519
db: PACKETSTORM | id: 133276
db: CNNVD | id: CNNVD-201504-343
db: NVD | id: CVE-2015-0501

LAST UPDATE DATE

2024-12-22T21:30:30.857000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-78447 | date: 2019-02-01T00:00:00
db: BID | id: 74070 | date: 2015-11-03T18:41:00
db: CNNVD | id: CNNVD-201504-343 | date: 2022-07-20T00:00:00
db: NVD | id: CVE-2015-0501 | date: 2024-11-21T02:23:12.303

SOURCES RELEASE DATE

db: VULHUB | id: VHN-78447 | date: 2015-04-16T00:00:00
db: BID | id: 74070 | date: 2015-04-14T00:00:00
db: PACKETSTORM | id: 132747 | date: 2015-07-20T15:47:18
db: PACKETSTORM | id: 133091 | date: 2015-08-17T15:38:38
db: PACKETSTORM | id: 131760 | date: 2015-05-05T19:26:36
db: PACKETSTORM | id: 131866 | date: 2015-05-13T01:22:21
db: PACKETSTORM | id: 131862 | date: 2015-05-12T16:04:45
db: PACKETSTORM | id: 131519 | date: 2015-04-20T14:10:06
db: PACKETSTORM | id: 133276 | date: 2015-08-24T22:05:44
db: CNNVD | id: CNNVD-201504-343 | date: 2015-04-17T00:00:00
db: NVD | id: CVE-2015-0501 | date: 2015-04-16T16:59:50.653