Oracle MySQL Executive Summary
This Critical Patch Update contains 6 new security fixes for Oracle MySQL. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix is given below.
Oracle MySQL Risk Matrix
The columns Base Score through Availability are the CVSS VERSION 2.0 RISK (see Risk Matrix Definitions).

CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2012-1703 | MySQL Server | MySQL Protocol | Server Optimizer | No | 6.8 | Network | Low | Single | None | None | Complete | 5.1.61 and earlier, 5.5.21 and earlier | |
CVE-2012-0583 | MySQL Server | MySQL Protocol | MyISAM | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.60 and earlier, 5.5.19 and earlier | |
CVE-2012-1697 | MySQL Server | MySQL Protocol | Partition | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.21 and earlier | |
CVE-2012-1688 | MySQL Server | MySQL Protocol | Server DML | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.61 and earlier, 5.5.21 and earlier | |
CVE-2012-1696 | MySQL Server | MySQL Protocol | Server Optimizer | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.19 and earlier | |
CVE-2012-1690 | MySQL Server | MySQL Protocol | Server Optimizer | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.1.61 and earlier, 5.5.21 and earlier | |
Text Form of Risk Matrix for Oracle MySQL
This table provides the text form of the Risk Matrix for Oracle MySQL.
CVE Identifier | Description |
---|---|
CVE-2012-0583 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.1.60 and earlier and 5.5.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
CVE-2012-1688 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server DML). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
CVE-2012-1690 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
CVE-2012-1696 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.19 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
CVE-2012-1697 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Partition). Supported versions that are affected are 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). |
CVE-2012-1703 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.61 and earlier and 5.5.21 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). |
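Added example (not part of Oracle's advisory): a Python sketch that recomputes the CVSS v2 base scores from the vectors in the text form above and lists which of these CVEs apply to a given server version string, highest score first. The metric weights and base equation are those of the CVSS v2 specification; the names `base_score`, `triage` and `ADVISORY` and the sample version strings are assumptions made for the example.

```python
import re

# CVSS v2 metric weights (from the CVSS v2 specification).
W = {"AV": {"L": 0.395, "A": 0.646, "N": 1.0},
     "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
     "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
     "CIA": {"N": 0.0, "P": 0.275, "C": 0.660}}

def base_score(vector):
    """CVSS v2 base score for a vector such as (AV:N/AC:L/Au:S/C:N/I:N/A:P)."""
    m = dict(part.split(":") for part in vector.strip("()").split("/"))
    c, i, a = (W["CIA"][m[k]] for k in ("C", "I", "A"))
    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    exploitability = 20 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * W["Au"][m["Au"]]
    f = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f, 1)

# Transcribed from the risk matrix on this page:
# CVE -> (vector, last affected patch level per release series).
A_P = "AV:N/AC:L/Au:S/C:N/I:N/A:P"
ADVISORY = {
    "CVE-2012-1703": ("AV:N/AC:L/Au:S/C:N/I:N/A:C", {"5.1": 61, "5.5": 21}),
    "CVE-2012-0583": (A_P, {"5.1": 60, "5.5": 19}),
    "CVE-2012-1697": (A_P, {"5.5": 21}),
    "CVE-2012-1688": (A_P, {"5.1": 61, "5.5": 21}),
    "CVE-2012-1696": (A_P, {"5.5": 19}),
    "CVE-2012-1690": (A_P, {"5.1": 61, "5.5": 21}),
}

def triage(version):
    """Return [(cve, score)] that apply to a version string, highest score first.

    Only the 5.1 and 5.5 series are listed in the matrix; an empty result for
    any other series means "not covered by this advisory", not "unaffected".
    """
    match = re.match(r"(\d+\.\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised MySQL version: {version!r}")
    series, patch = match.group(1), int(match.group(2))
    hits = [(cve, base_score(vec)) for cve, (vec, last) in ADVISORY.items()
            if series in last and patch <= last[series]]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    # Constructed sample version strings, e.g. as returned by SELECT VERSION().
    for v in ("5.5.20-log", "5.1.61", "5.5.22"):
        print(v, triage(v))
```

The recomputed scores match the 4.0 and 6.8 base scores printed in the matrix, which is a quick way to catch transcription errors when an advisory is copied into a tracking system.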