Think you have a false positive on this rule?

Sid 1-31570

Message

SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt

Summary

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Impact

CVSS base score 7.5 CVSS impact score 6.4 CVSS exploitability score 10.0 confidentialityImpact PARTIAL integrityImpact PARTIAL availabilityImpact PARTIAL

CVE-2014-0001:

CVSS base score 7.5

CVSS impact score 6.4

CVSS exploitability score 10.0

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Detailed information

CVE-2014-0001: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Affected systems

  • mariadb mariadb 5.5.34
  • mysql mysql 5.5.0
  • mysql mysql 5.5.1
  • mysql mysql 5.5.2
  • mysql mysql 5.5.3
  • mysql mysql 5.5.4
  • mysql mysql 5.5.5
  • mysql mysql 5.5.6
  • mysql mysql 5.5.7
  • mysql mysql 5.5.8
  • mysql mysql 5.5.9
  • oracle mysql 5.5.10
  • oracle mysql 5.5.11
  • oracle mysql 5.5.12
  • oracle mysql 5.5.13
  • oracle mysql 5.5.14
  • oracle mysql 5.5.15
  • oracle mysql 5.5.16
  • oracle mysql 5.5.17
  • oracle mysql 5.5.18
  • oracle mysql 5.5.19
  • oracle mysql 5.5.20
  • oracle mysql 5.5.21
  • oracle mysql 5.5.22
  • oracle mysql 5.5.23
  • oracle mysql 5.5.24
  • oracle mysql 5.5.25
  • oracle mysql 5.5.26
  • oracle mysql 5.5.27
  • oracle mysql 5.5.28
  • oracle mysql 5.5.29
  • oracle mysql 5.5.30
  • oracle mysql 5.5.31
  • oracle mysql 5.5.32
  • oracle mysql 5.5.33
  • oracle mysql 5.5.34
  • oracle mysql 5.5.35
  • oracle mysql 5.5.36
  • oracle mysql 5.6.0
  • oracle mysql 5.6.1
  • oracle mysql 5.6.2
  • oracle mysql 5.6.3
  • oracle mysql 5.6.4
  • oracle mysql 5.6.5
  • oracle mysql 5.6.6
  • oracle mysql 5.6.7
  • oracle mysql 5.6.8
  • oracle mysql 5.6.9
  • oracle mysql 5.6.10
  • oracle mysql 5.6.11
  • oracle mysql 5.6.12
  • oracle mysql 5.6.13
  • oracle mysql 5.6.14
  • oracle mysql 5.6.15
  • oracle mysql 5.6.16
  • redhat enterprise_linux 5
  • redhat enterprise_linux 6
  • redhat enterpriselinuxdesktop 5.0
  • redhat enterpriselinuxdesktop 6.0
  • redhat enterpriselinuxserver 6.0
  • redhat enterpriselinuxworkstation 6.0

Ease of attack

CVE-2014-0001:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • osvdb.org/show/osvdb/102714