SecurityTracker.com
Category:   Device (Embedded Server/Appliance)  >   Juniper Junos Space
Vendors:   Juniper
(Juniper Issues Fix for Juniper Junos Space) MySQL Multiple Bugs Let Remote Users Execute Arbitrary Code, Modify Data, and Deny Service
SecurityTracker Alert ID:  1033834
SecurityTracker URL:  http://securitytracker.com/id/1033834
CVE Reference:   CVE-2013-5908
Date:  Oct 16 2015
Impact:   Denial of service via network, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 15.1R1
Description:   Multiple vulnerabilities were reported in MySQL. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A remote user can partially modify data. Juniper Junos Space is affected.

A remote user can exploit a flaw in the MySQL Enterprise Monitor component to gain elevated privileges [CVE-2013-4316].

A remote authenticated user can exploit a flaw in the GIS component to cause denial of service conditions [CVE-2013-5860].

A remote authenticated user can exploit a flaw in the InnoDB component to cause partial denial of service conditions [CVE-2013-5881].

A remote authenticated user can exploit a flaw in the Stored Procedure component to cause denial of service conditions [CVE-2013-5882].

A remote authenticated user can exploit a flaw in the Partition component to cause partial denial of service conditions [CVE-2013-5891].

A remote authenticated user can exploit a flaw in the InnoDB component to cause partial denial of service conditions [CVE-2013-5894].

A remote user can exploit a flaw in the Error Handling component to cause partial denial of service conditions [CVE-2013-5908].

A remote authenticated user can exploit a flaw in the Optimizer component to cause partial denial of service conditions [CVE-2014-0386].

A remote user can exploit a flaw in the InnoDB component to partially modify data [CVE-2014-0393].

A remote authenticated user can exploit a flaw in the Privileges component to cause partial denial of service conditions [CVE-2014-0401].

A remote authenticated user can exploit a flaw in the Locking component to cause partial denial of service conditions [CVE-2014-0402].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-0412].

A remote user can exploit a flaw in the Replication component to cause partial denial of service conditions [CVE-2014-0420].

A remote authenticated user can exploit a flaw in the FTS component to cause partial denial of service conditions [CVE-2014-0427].

A remote user can exploit a flaw in the Performance Schema component to cause partial denial of service conditions [CVE-2014-0430].

A remote authenticated user can exploit a flaw in the InnoDB component to cause partial denial of service conditions [CVE-2014-0431].

A remote user can exploit a flaw in the Thread Pooling component to cause partial denial of service conditions [CVE-2014-0433].

A remote authenticated user can exploit a flaw in the Optimizer component to cause partial denial of service conditions [CVE-2014-0437].

The following researchers reported these and other Oracle vulnerabilities:

Adam Willard of Foreground Security; Alexander Kornbrust of Red Database Security; Alexey Tyurin of ERPScan (Digital Security Research Group); Apple Inc.; Arseniy Akuney of TELUS Security Labs; Borked of the Google Security Team;
Carlo Di Dato of iDefense; Christopher Meyer of Ruhr-University Bochum; Daniel EkBerg of Kentor AB Sweden; Esteban Martinez Fayo formerly of Application Security Inc.; Fernando Munoz; Information Security Office for the University of Texas at Austin;
John Leitch working with HP's Zero Day Initiative; Joseph Sheridan of Reactionis; Juraj Somorovsky of Ruhr-University Bochum; Matthew Daley; Oliver Gruskovnjak of Portcullis Inc;
Sam Thomas of Pentest Limited; Sebastian Schinzel of University of Applied Sciences Munster; Tanel Poder; Will Dormann of CERT/CC; and Yuki Chen of Trend Micro.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

A remote user can partially modify data.

Solution:   Juniper has issued a fix for CVE-2013-5908 for Juniper Junos Space (15.1R1).

The Juniper advisory is available at:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
Cause:   Not specified

Message History:   This archive entry is a follow-up to the message listed below.
Jan 14 2014 MySQL Multiple Bugs Let Remote Users Execute Arbitrary Code, Modify Data, and Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]

