CVE-2014-4258
First published: Thu Jul 17 2014(Updated: )
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MySQL | >=5.5.0<=5.5.37 | |
| MySQL | >=5.6.0<=5.6.17 | |
| VMware vCenter Server Appliance | =5.0 | |
| VMware vCenter Server Appliance | =5.0-update_1 | |
| VMware vCenter Server Appliance | =5.0-update_2 | |
| VMware vCenter Server Appliance | =5.1 | |
| VMware vCenter Server Appliance | =5.1-update_1 | |
| VMware vCenter Server Appliance | =5.1-update_2 | |
| VMware vCenter Server Appliance | =5.5 | |
| VMware vCenter Server Appliance | =5.5-update_1 | |
| Oracle Solaris SPARC | =11.3 | |
| SUSE Linux Enterprise Desktop | =11.0-sp3 | |
| SUSE Linux Enterprise Server | =11.0-sp3 | |
| SUSE Linux Enterprise Server | =11.0-sp3 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp3 | |
| Debian | =7.0 | |
| Ariadne CMS | >=5.5.0<5.5.38 | |
| Ariadne CMS | >=10.0.0<10.0.12 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp3 | |
| SUSE Linux Enterprise Desktop with Beagle | =12 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| suse linux enterprise server vmware | =11-sp3 | |
| SUSE Linux Enterprise Server | =12 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp3 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| SUSE Linux Enterprise Workstation Extension | =12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/60425
- http://www.debian.org/security/2014/dsa-2985
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68564
- http://www.securitytracker.com/id/1030578
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94620
Frequently Asked Questions
What is the severity of CVE-2014-4258?
CVE-2014-4258 is considered a medium severity vulnerability as it can impact confidentiality, integrity, and availability.
How do I fix CVE-2014-4258?
To fix CVE-2014-4258, you should upgrade MySQL to a version later than 5.5.37 or 5.6.17.
What components are affected by CVE-2014-4258?
CVE-2014-4258 affects the MySQL Server component of Oracle MySQL versions 5.5.37 and earlier and 5.6.17 and earlier.
Can CVE-2014-4258 be exploited remotely?
Yes, CVE-2014-4258 can be exploited by remote authenticated users.
What specific products are known to be affected by CVE-2014-4258?
Products known to be affected by CVE-2014-4258 include Oracle MySQL and various versions of VMware vCenter Server Appliance.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/mysql
- version/mysql/5.5.0
- version/mysql/5.5.37
- version/mysql/5.6.0
- version/mysql/5.6.17
- vendor/vmware
- canonical/vmware vcenter server appliance
- version/vmware vcenter server appliance/5.0
- version/vmware vcenter server appliance/5.0-update_1
- version/vmware vcenter server appliance/5.0-update_2
- version/vmware vcenter server appliance/5.1
- version/vmware vcenter server appliance/5.1-update_1
- version/vmware vcenter server appliance/5.1-update_2
- version/vmware vcenter server appliance/5.5
- version/vmware vcenter server appliance/5.5-update_1
- canonical/oracle solaris sparc
- version/oracle solaris sparc/11.3
- vendor/opensuse project
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11.0-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11.0-sp3
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11.0-sp3
- vendor/debian
- canonical/debian
- version/debian/7.0
- vendor/mariadb
- canonical/ariadne cms
- version/ariadne cms/5.5.0
- version/ariadne cms/10.0.0
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp3
- version/suse linux enterprise desktop with beagle/12
- version/suse linux enterprise server/11-sp3
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp3
- version/suse linux enterprise server/12
- version/suse linux enterprise software development kit/11-sp3
- version/suse linux enterprise software development kit/12
- canonical/suse linux enterprise workstation extension
- version/suse linux enterprise workstation extension/12