SB2019011550 - Multiple vulnerabilities in MySQL Server
Published: January 15, 2019
Description
This security bulletin contains information about 26 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2019-2513)
The vulnerability allows a local attacker to obtain potentially sensitive information. The weakness exists due to an unspecified flaw. A remote attacker can read potentially sensitive information.
2) Denial of service (CVE-ID: CVE-2019-2535)
The vulnerability allows a local high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
3) Denial of service (CVE-ID: CVE-2019-2532)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
4) Denial of service (CVE-ID: CVE-2019-2486)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
5) Denial of service (CVE-ID: CVE-2019-2531)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
6) Denial of service (CVE-ID: CVE-2019-2528)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
7) Denial of service (CVE-ID: CVE-2019-2530)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
8) Denial of service (CVE-ID: CVE-2019-2507)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
9) Denial of service (CVE-ID: CVE-2019-2481)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
10) Denial of service (CVE-ID: CVE-2019-2420)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
11) Denial of service (CVE-ID: CVE-2019-2537)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
12) Denial of service (CVE-ID: CVE-2019-2495)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
13) Denial of service (CVE-ID: CVE-2019-2494)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
14) Denial of service (CVE-ID: CVE-2019-2539)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
15) Denial of service (CVE-ID: CVE-2019-2510)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
16) Denial of service (CVE-ID: CVE-2019-2502)
The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
17) Denial of service (CVE-ID: CVE-2019-2536)
The vulnerability allows a local high-privileged attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
18) Information disclosure (CVE-ID: CVE-2018-0734)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to an unspecified flaw in the Digital Signature Algorithm (DSA). A local attacker can conduct a timing side-channel attack and recover the private key, which could be used to conduct further attacks.
19) Security restrictions bypass (CVE-ID: CVE-2019-2436)
The vulnerability allows a remote authenticated high-privileged attacker to bypass security restrictions. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can bypass security restrictions to modify arbitrary data and cause the service to crash.
20) Security restrictions bypass (CVE-ID: CVE-2019-2503)
The vulnerability allows an adjacent authenticated attacker to bypass security restrictions. The weakness exists in MySQL Protocol due to an unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.
21) Denial of service (CVE-ID: CVE-2019-2455)
The vulnerability allows a remote authenticated attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
22) Denial of service (CVE-ID: CVE-2019-2434)
The vulnerability allows a remote authenticated attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
23) Denial of service (CVE-ID: CVE-2019-2482)
The vulnerability allows a remote authenticated attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
24) Denial of service (CVE-ID: CVE-2019-2529)
The vulnerability allows a remote authenticated attacker to cause a DoS condition. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.
25) Security restrictions bypass (CVE-ID: CVE-2019-2533)
The vulnerability allows a remote authenticated attacker to bypass security restrictions. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can bypass security restrictions to modify arbitrary data.
26) Security restrictions bypass (CVE-ID: CVE-2019-2534)
The vulnerability allows a remote authenticated attacker to bypass security restrictions. The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.
Remediation
Install the update from the vendor's website.