Executive Summary

Informations
NameCVE-2014-0001First vendor Publication2014-01-31
VendorCveLast vendor Modification2019-04-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25380
 
Oval ID: oval:org.mitre.oval:def:25380
Title: SUSE-SU-2014:0769-1 -- Security update for MySQL
Description: MySQL was updated to version 5.5.37 to address various security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0769-1
CVE-2014-2444
CVE-2014-2436
CVE-2014-2440
CVE-2014-2434
CVE-2014-2435
CVE-2014-2442
CVE-2014-2450
CVE-2014-2419
CVE-2014-0384
CVE-2014-2430
CVE-2014-2451
CVE-2014-2438
CVE-2014-2432
CVE-2014-2431
CVE-2013-4316
CVE-2013-5860
CVE-2013-5882
CVE-2014-0433
CVE-2013-5894
CVE-2013-5881
CVE-2014-0412
CVE-2014-0402
CVE-2014-0386
CVE-2013-5891
CVE-2014-0401
CVE-2014-0427
CVE-2014-0431
CVE-2014-0437
CVE-2014-0393
CVE-2014-0430
CVE-2014-0420
CVE-2013-5908
CVE-2014-0001
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): MySQL
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application56
Application10
Application45
Os4
Os2
Os1
Os1

Snort® IPS/IDS

DateDescription
2014-11-16MySQL/MariaDB mysql.cc buffer overflow attempt
RuleID : 31570 - Revision : 3 - Type : SERVER-MYSQL

Nessus® Vulnerability Scanner

DateDescription
2017-01-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2017-0035.nasl - Type : ACT_GATHER_INFO
2015-03-26Name : The remote Debian host is missing a security update.
File : debian_DLA-75.nasl - Type : ACT_GATHER_INFO
2014-09-05Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201409-04.nasl - Type : ACT_GATHER_INFO
2014-06-07Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysql55client18-140527.nasl - Type : ACT_GATHER_INFO
2014-05-05Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2919.nasl - Type : ACT_GATHER_INFO
2014-04-24Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2170-1.nasl - Type : ACT_GATHER_INFO
2014-04-16Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_36.nasl - Type : ACT_GATHER_INFO
2014-03-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-298.nasl - Type : ACT_GATHER_INFO
2014-03-07Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0173.nasl - Type : ACT_GATHER_INFO
2014-03-07Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0189.nasl - Type : ACT_GATHER_INFO
2014-02-20Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-050-02.nasl - Type : ACT_GATHER_INFO
2014-02-20Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0186.nasl - Type : ACT_GATHER_INFO
2014-02-19Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0186.nasl - Type : ACT_GATHER_INFO
2014-02-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0186.nasl - Type : ACT_GATHER_INFO
2014-02-19Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140218_mysql55_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-02-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0164.nasl - Type : ACT_GATHER_INFO
2014-02-14Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-028.nasl - Type : ACT_GATHER_INFO
2014-02-13Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0164.nasl - Type : ACT_GATHER_INFO
2014-02-13Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0164.nasl - Type : ACT_GATHER_INFO
2014-02-13Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140212_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-02-06Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_5_35.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/65298
CONFIRM http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
https://bugzilla.redhat.com/show_bug.cgi?id=1054592
https://mariadb.com/kb/en/mariadb-5535-changelog/
GENTOO http://security.gentoo.org/glsa/glsa-201409-04.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2014:029
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0164.html
http://rhn.redhat.com/errata/RHSA-2014-0173.html
http://rhn.redhat.com/errata/RHSA-2014-0186.html
http://rhn.redhat.com/errata/RHSA-2014-0189.html
SECTRACK http://www.securitytracker.com/id/1029708
SECUNIA http://secunia.com/advisories/52161
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/90901

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
DateInformations
2019-04-22 21:19:09
  • Multiple Updates
2018-02-15 01:00:51
  • Multiple Updates
2018-01-03 09:21:54
  • Multiple Updates
2017-08-04 00:22:12
  • Multiple Updates
2017-01-27 13:24:50
  • Multiple Updates
2017-01-07 09:25:15
  • Multiple Updates
2016-12-20 12:02:17
  • Multiple Updates
2016-06-28 22:29:24
  • Multiple Updates
2015-03-27 13:28:00
  • Multiple Updates
2014-11-16 21:24:44
  • Multiple Updates
2014-09-06 13:24:32
  • Multiple Updates
2014-06-30 21:24:47
  • Multiple Updates
2014-06-08 13:33:24
  • Multiple Updates
2014-05-06 13:25:44
  • Multiple Updates
2014-05-05 13:23:43
  • Multiple Updates
2014-04-25 13:24:48
  • Multiple Updates
2014-04-17 13:25:41
  • Multiple Updates
2014-04-04 13:22:27
  • Multiple Updates
2014-03-13 13:22:05
  • Multiple Updates
2014-03-08 13:21:07
  • Multiple Updates
2014-03-06 13:24:22
  • Multiple Updates
2014-02-21 13:21:08
  • Multiple Updates
2014-02-20 13:21:18
  • Multiple Updates
2014-02-17 11:24:42
  • Multiple Updates
2014-02-03 21:21:17
  • Multiple Updates
2014-02-01 13:19:21
  • First insertion