Details of VAR-201507-0303

ID

VAR-201507-0303

CVE

CVE-2015-2620

TITLE

Oracle MySQL Server Server:Security:Privileges Subcomponent security vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201507-518

DESCRIPTION

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. The vulnerability can be exploited over the 'MySQL Protocol' protocol. The 'Server : Security : Privileges' sub component is affected. This vulnerability affects the following supported versions: 5.5.43 and earlier, 5.6.23 and earlier. The database system has the characteristics of high performance, low cost and good reliability. Remote attackers can use this vulnerability to read data, affecting data confidentiality. 5 client) - i386, x86_64 3. For the stable distribution (jessie), these problems have been fixed in version 5.5.44-0+deb8u1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: mariadb security update Advisory ID: RHSA-2015:1665-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1665.html Issue date: 2015-08-24 CVE Names: CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2582 CVE-2015-2620 CVE-2015-2643 CVE-2015-2648 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4757 ===================================================================== 1. Summary: Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152) This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-0501, CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441, CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757) These updated packages upgrade MariaDB to version 5.5.44. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1212758 - CVE-2015-0501 mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015) 1212763 - CVE-2015-2568 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) 1212768 - CVE-2015-0499 mysql: unspecified vulnerability related to Server:Federated (CPU April 2015) 1212772 - CVE-2015-2571 mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015) 1212776 - CVE-2015-0433 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) 1212777 - CVE-2015-0441 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) 1212780 - CVE-2015-0505 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015) 1212783 - CVE-2015-2573 mysql: unspecified vulnerability related to Server:DDL (CPU April 2015) 1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM) 1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015) 1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015) 1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015) 1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015) 1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015) 1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015) 1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: mariadb-5.5.44-1.el7_1.src.rpm x86_64: mariadb-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-libs-5.5.44-1.el7_1.i686.rpm mariadb-libs-5.5.44-1.el7_1.x86_64.rpm mariadb-server-5.5.44-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: mariadb-bench-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-devel-5.5.44-1.el7_1.i686.rpm mariadb-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-5.5.44-1.el7_1.i686.rpm mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-test-5.5.44-1.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: mariadb-5.5.44-1.el7_1.src.rpm x86_64: mariadb-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-libs-5.5.44-1.el7_1.i686.rpm mariadb-libs-5.5.44-1.el7_1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: mariadb-bench-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-devel-5.5.44-1.el7_1.i686.rpm mariadb-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-5.5.44-1.el7_1.i686.rpm mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-server-5.5.44-1.el7_1.x86_64.rpm mariadb-test-5.5.44-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: mariadb-5.5.44-1.el7_1.src.rpm ppc64: mariadb-5.5.44-1.el7_1.ppc64.rpm mariadb-bench-5.5.44-1.el7_1.ppc64.rpm mariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm mariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm mariadb-devel-5.5.44-1.el7_1.ppc.rpm mariadb-devel-5.5.44-1.el7_1.ppc64.rpm mariadb-libs-5.5.44-1.el7_1.ppc.rpm mariadb-libs-5.5.44-1.el7_1.ppc64.rpm mariadb-server-5.5.44-1.el7_1.ppc64.rpm mariadb-test-5.5.44-1.el7_1.ppc64.rpm s390x: mariadb-5.5.44-1.el7_1.s390x.rpm mariadb-bench-5.5.44-1.el7_1.s390x.rpm mariadb-debuginfo-5.5.44-1.el7_1.s390.rpm mariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm mariadb-devel-5.5.44-1.el7_1.s390.rpm mariadb-devel-5.5.44-1.el7_1.s390x.rpm mariadb-libs-5.5.44-1.el7_1.s390.rpm mariadb-libs-5.5.44-1.el7_1.s390x.rpm mariadb-server-5.5.44-1.el7_1.s390x.rpm mariadb-test-5.5.44-1.el7_1.s390x.rpm x86_64: mariadb-5.5.44-1.el7_1.x86_64.rpm mariadb-bench-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-devel-5.5.44-1.el7_1.i686.rpm mariadb-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-libs-5.5.44-1.el7_1.i686.rpm mariadb-libs-5.5.44-1.el7_1.x86_64.rpm mariadb-server-5.5.44-1.el7_1.x86_64.rpm mariadb-test-5.5.44-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: mariadb-5.5.44-1.ael7b_1.src.rpm ppc64le: mariadb-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-bench-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-devel-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-libs-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-server-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-test-5.5.44-1.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: mariadb-debuginfo-5.5.44-1.el7_1.ppc.rpm mariadb-debuginfo-5.5.44-1.el7_1.ppc64.rpm mariadb-embedded-5.5.44-1.el7_1.ppc.rpm mariadb-embedded-5.5.44-1.el7_1.ppc64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.ppc.rpm mariadb-embedded-devel-5.5.44-1.el7_1.ppc64.rpm s390x: mariadb-debuginfo-5.5.44-1.el7_1.s390.rpm mariadb-debuginfo-5.5.44-1.el7_1.s390x.rpm mariadb-embedded-5.5.44-1.el7_1.s390.rpm mariadb-embedded-5.5.44-1.el7_1.s390x.rpm mariadb-embedded-devel-5.5.44-1.el7_1.s390.rpm mariadb-embedded-devel-5.5.44-1.el7_1.s390x.rpm x86_64: mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-5.5.44-1.el7_1.i686.rpm mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: mariadb-debuginfo-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-embedded-5.5.44-1.ael7b_1.ppc64le.rpm mariadb-embedded-devel-5.5.44-1.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: mariadb-5.5.44-1.el7_1.src.rpm x86_64: mariadb-5.5.44-1.el7_1.x86_64.rpm mariadb-bench-5.5.44-1.el7_1.x86_64.rpm mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-devel-5.5.44-1.el7_1.i686.rpm mariadb-devel-5.5.44-1.el7_1.x86_64.rpm mariadb-libs-5.5.44-1.el7_1.i686.rpm mariadb-libs-5.5.44-1.el7_1.x86_64.rpm mariadb-server-5.5.44-1.el7_1.x86_64.rpm mariadb-test-5.5.44-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: mariadb-debuginfo-5.5.44-1.el7_1.i686.rpm mariadb-debuginfo-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-5.5.44-1.el7_1.i686.rpm mariadb-embedded-5.5.44-1.el7_1.x86_64.rpm mariadb-embedded-devel-5.5.44-1.el7_1.i686.rpm mariadb-embedded-devel-5.5.44-1.el7_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0433 https://access.redhat.com/security/cve/CVE-2015-0441 https://access.redhat.com/security/cve/CVE-2015-0499 https://access.redhat.com/security/cve/CVE-2015-0501 https://access.redhat.com/security/cve/CVE-2015-0505 https://access.redhat.com/security/cve/CVE-2015-2568 https://access.redhat.com/security/cve/CVE-2015-2571 https://access.redhat.com/security/cve/CVE-2015-2573 https://access.redhat.com/security/cve/CVE-2015-2582 https://access.redhat.com/security/cve/CVE-2015-2620 https://access.redhat.com/security/cve/CVE-2015-2643 https://access.redhat.com/security/cve/CVE-2015-2648 https://access.redhat.com/security/cve/CVE-2015-3152 https://access.redhat.com/security/cve/CVE-2015-4737 https://access.redhat.com/security/cve/CVE-2015-4752 https://access.redhat.com/security/cve/CVE-2015-4757 https://access.redhat.com/security/updates/classification/#moderate http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFV228TXlSAg2UNWIIRAm1mAJ0bzbWNcno0Sy/+xCRBh61u0Og5LQCfYvOB tzK/FpD+vNcUAhqnRuiFgiM= =BpLD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.98

sources: NVD: CVE-2015-2620 // BID: 75837 // VULHUB: VHN-80581 // VULMON: CVE-2015-2620 // PACKETSTORM: 133092 // PACKETSTORM: 133090 // PACKETSTORM: 133091 // PACKETSTORM: 132744 // PACKETSTORM: 133232 // PACKETSTORM: 133233 // PACKETSTORM: 133276

AFFECTED PRODUCTS

vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.04	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.0.20	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.5.43	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	5.5.44	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.23	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lte	version:	15.1	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.23	Trust: 0.6
vendor:	oracle	model:	mysql	scope:	eq	version:	5.5.43	Trust: 0.6
vendor:	ubuntu	model:	linux	scope:	eq	version:	15.04	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	14.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	170	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	160	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.23	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.22	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.21	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.42	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.41	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.40	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.16	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.15	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.43	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.36	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.35	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	7	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	5	Trust: 0.3

sources: BID: 75837 // CNNVD: CNNVD-201507-518 // NVD: CVE-2015-2620

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-2620
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201507-518
value:	LOW
Trust: 0.6
VULHUB:	VHN-80581
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-2620
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-2620
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-80581
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-80581 // VULMON: CVE-2015-2620 // CNNVD: CNNVD-201507-518 // NVD: CVE-2015-2620

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-2620

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-518

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201507-518

PATCH

title:	Oracle MySQL Server Server:Security:Privileges Subcomponent security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89460	Trust: 0.6
title:	Red Hat: CVE-2015-2620	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-2620	Trust: 0.1
title:	Debian CVElist Bug Report Logs: mysql-5.5: Multiple security fixes from the July 2015 CPU	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=80ce8a549a7222b391a7db7e578bd59a	Trust: 0.1
title:	Ubuntu Security Notice: mysql-5.5, mysql-5.6 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2674-1	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2015-2620	Trust: 0.1

sources: VULMON: CVE-2015-2620 // CNNVD: CNNVD-201507-518

EXTERNAL IDS

db:	NVD	id:	CVE-2015-2620	Trust: 2.8
db:	BID	id:	75837	Trust: 2.1
db:	SECTRACK	id:	1032911	Trust: 1.8
db:	JUNIPER	id:	JSA10698	Trust: 1.8
db:	CNNVD	id:	CNNVD-201507-518	Trust: 0.7
db:	VULHUB	id:	VHN-80581	Trust: 0.1
db:	VULMON	id:	CVE-2015-2620	Trust: 0.1
db:	PACKETSTORM	id:	133092	Trust: 0.1
db:	PACKETSTORM	id:	133090	Trust: 0.1
db:	PACKETSTORM	id:	133091	Trust: 0.1
db:	PACKETSTORM	id:	132744	Trust: 0.1
db:	PACKETSTORM	id:	133232	Trust: 0.1
db:	PACKETSTORM	id:	133233	Trust: 0.1
db:	PACKETSTORM	id:	133276	Trust: 0.1

sources: VULHUB: VHN-80581 // VULMON: CVE-2015-2620 // BID: 75837 // PACKETSTORM: 133092 // PACKETSTORM: 133090 // PACKETSTORM: 133091 // PACKETSTORM: 132744 // PACKETSTORM: 133232 // PACKETSTORM: 133233 // PACKETSTORM: 133276 // CNNVD: CNNVD-201507-518 // NVD: CVE-2015-2620

REFERENCES

url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 2.2
url:	http://rhn.redhat.com/errata/rhsa-2015-1646.html	Trust: 2.2
url:	http://rhn.redhat.com/errata/rhsa-2015-1647.html	Trust: 2.2
url:	http://rhn.redhat.com/errata/rhsa-2015-1665.html	Trust: 2.2
url:	http://rhn.redhat.com/errata/rhsa-2015-1628.html	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2015-1629.html	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2015-1630.html	Trust: 1.9
url:	http://www.securityfocus.com/bid/75837	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.8
url:	http://www.debian.org/security/2015/dsa-3308	Trust: 1.8
url:	https://security.gentoo.org/glsa/201610-06	Trust: 1.8
url:	http://www.securitytracker.com/id/1032911	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2674-1	Trust: 1.8
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2015-2620	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4737	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2643	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2620	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4752	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2582	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2648	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2015-4752	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2015-4757	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2015-2648	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2015-2643	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4757	Trust: 0.6
url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#appendixmsql	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2015-4737	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2015-2582	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2571	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-2568	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-0501	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0441	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-2573	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-0433	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0501	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0433	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0499	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0505	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-0441	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2573	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2568	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-0499	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-0505	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-2571	Trust: 0.4
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#appendixmsql	Trust: 0.4
url:	http://www.oracle.com/index.html	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-3152	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3152	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-4772	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4772	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4771	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2661	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-2617	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4769	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-2641	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4761	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2641	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-2611	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-2661	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-4769	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-4767	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2639	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2611	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-4771	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4756	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4767	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-2639	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-4761	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-4756	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2617	Trust: 0.2
url:	https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html	Trust: 0.2
url:	https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2015-2620	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39985	Trust: 0.1
url:	https://usn.ubuntu.com/2674-1/	Trust: 0.1
url:	https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html	Trust: 0.1
url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#appendixmsql	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6568	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0432	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0411	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0382	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0381	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0391	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0391	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0432	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0411	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0374	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6568	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0374	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0382	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0381	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/	Trust: 0.1

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 133092 // PACKETSTORM: 133090 // PACKETSTORM: 133091 // PACKETSTORM: 133232 // PACKETSTORM: 133233 // PACKETSTORM: 133276

SOURCES

db:	VULHUB	id:	VHN-80581
db:	VULMON	id:	CVE-2015-2620
db:	BID	id:	75837
db:	PACKETSTORM	id:	133092
db:	PACKETSTORM	id:	133090
db:	PACKETSTORM	id:	133091
db:	PACKETSTORM	id:	132744
db:	PACKETSTORM	id:	133232
db:	PACKETSTORM	id:	133233
db:	PACKETSTORM	id:	133276
db:	CNNVD	id:	CNNVD-201507-518
db:	NVD	id:	CVE-2015-2620

LAST UPDATE DATE

2024-11-13T21:15:12.486000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-80581	date:	2019-02-05T00:00:00
db:	VULMON	id:	CVE-2015-2620	date:	2022-08-29T00:00:00
db:	BID	id:	75837	date:	2016-10-26T01:16:00
db:	CNNVD	id:	CNNVD-201507-518	date:	2022-08-30T00:00:00
db:	NVD	id:	CVE-2015-2620	date:	2022-08-29T20:52:50.453

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-80581	date:	2015-07-16T00:00:00
db:	VULMON	id:	CVE-2015-2620	date:	2015-07-16T00:00:00
db:	BID	id:	75837	date:	2015-07-14T00:00:00
db:	PACKETSTORM	id:	133092	date:	2015-08-17T15:38:50
db:	PACKETSTORM	id:	133090	date:	2015-08-17T15:38:25
db:	PACKETSTORM	id:	133091	date:	2015-08-17T15:38:38
db:	PACKETSTORM	id:	132744	date:	2015-07-20T15:45:44
db:	PACKETSTORM	id:	133232	date:	2015-08-21T16:58:17
db:	PACKETSTORM	id:	133233	date:	2015-08-21T16:58:26
db:	PACKETSTORM	id:	133276	date:	2015-08-24T22:05:44
db:	CNNVD	id:	CNNVD-201507-518	date:	2015-07-17T00:00:00
db:	NVD	id:	CVE-2015-2620	date:	2015-07-16T10:59:43.653