BugTraq
Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day Jan 19 2017 06:34AM
Nicholas Lemonias. (lem nikolas googlemail com)
************************************************************************
************
*
*
* Copyright (c) 2017, Advanced Information Security Corp / Oracle Inc. *
*
*
*
*
************************************************************************
************

ABSTRACT
===========

This industry-led research was conducted by Advanced Information
Security co-jointly with Oracle Corporation. The CVE assigned for the
MySQL Cluster issues is CVE-2016-5541. This security research
concluded to multiple zero-day vulnerabilities affecting the 'MySQL
Protocol' protocol. Feasibility of exploitation is remote &
unauthenticated.

The vulnerability can be exploited over the 'MySQL Protocol' protocol.
The 'Cluster: NDBAPI' sub component can be exploited.

VERSIONS AFFECTED
====================

Oracle MySQL Cluster 7.4.12
Oracle MySQL Cluster 7.4.5
Oracle MySQL Cluster 7.3.14
Oracle MySQL Cluster 7.3.8
Oracle MySQL Cluster 7.2.26
Oracle MySQL Cluster 7.2.25
Oracle MySQL Cluster 7.2.19

A full report can be obtained from
https://www.docdroid.net/o2uVeg4/cve-2016-5541.pdf.html

(References)

[1] Oracle Critical Patch Update - January 2017. 2017. Oracle
Critical Patch Update - January 2017. [ONLINE] Available at:
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.h
tml

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus