Vigil@nce - MySQL: several vulnerabilities of July 2013
August 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities of MySQL are fixed by the CPU of July 2013.
Impacted products: MES, MySQL Community, MySQL Enterprise
Severity: 2/4
Creation date: 17/07/2013
DESCRIPTION OF THE VULNERABILITY
A Critical Patch Update fixes several vulnerabilities of MySQL.
An authenticated attacker can use a geometry query, in order to
stop MySQL (VIGILANCE-VUL-12529 (https://vigilance.fr/tree/1/12529?w=66901)).
[severity:2/4; BID-58511, CVE-2013-1861]
An attacker can use a vulnerability of MemCached, in order to
alter information, or to trigger a denial of service.
[severity:2/4; BID-61274, CVE-2013-3798]
An attacker can use a vulnerability of Audit Log, in order to
alter information. [severity:2/4; BID-61272, CVE-2013-3809]
An attacker can use a vulnerability of Data Manipulation Language,
in order to trigger a denial of service. [severity:2/4; BID-61264,
CVE-2013-3793]
An attacker can use a vulnerability of Data Manipulation Language,
in order to trigger a denial of service. [severity:2/4; BID-61238,
CVE-2013-3795]
An attacker can use a vulnerability of Full Text Search, in order
to trigger a denial of service. [severity:2/4; BID-61244,
CVE-2013-3802]
An attacker can use a vulnerability of InnoDB, in order to trigger
a denial of service. [severity:2/4; BID-61235, CVE-2013-3806]
An attacker can use a vulnerability of Prepared Statements, in
order to trigger a denial of service. [severity:2/4; BID-61256,
CVE-2013-3805]
An attacker can use a vulnerability of Server Optimizer, in order
to trigger a denial of service. [severity:2/4; BID-61260,
CVE-2013-3804]
An attacker can use a vulnerability of Server Optimizer, in order
to trigger a denial of service. [severity:2/4; BID-61233,
CVE-2013-3796]
An attacker can use a vulnerability of Server Options, in order to
trigger a denial of service. [severity:2/4; BID-61227,
CVE-2013-3808]
An attacker can use a vulnerability of Server Options, in order to
trigger a denial of service. [severity:2/4; BID-61269,
CVE-2013-3801]
An attacker can use a vulnerability of Server Parser, in order to
trigger a denial of service. [severity:2/4; BID-61210,
CVE-2013-3783]
An attacker can use a vulnerability of Server Partition, in order
to trigger a denial of service. [severity:2/4; BID-61222,
CVE-2013-3794]
An attacker can use a vulnerability of Server Privileges, in order
to obtain or alter information. [severity:2/4; BID-61238,
CVE-2013-3807]
An attacker can use a vulnerability of InnoDB, in order to trigger
a denial of service. [severity:2/4; BID-61252, CVE-2013-3811]
An attacker can use a vulnerability of Server Replication, in
order to trigger a denial of service. [severity:2/4; BID-61249,
CVE-2013-3812]
An attacker can use a vulnerability of XA Transactions, in order
to trigger a denial of service. [severity:2/4; BID-61214,
CVE-2013-3810]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/MySQL-several-vulnerabilities-of-July-2013-13132