Bug 1212774 (CVE-2015-2576)

Summary: CVE-2015-2576 mysql-utilities: unspecified vulnerability related to Installation (CPU April 2015)
Product: [Other] Security Response
Reporter: Martin Prpič <mprpic>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: abaron, aortega, apevec, ayoung, byte, chrisw, dallan, databases-maint, gkotton, hhorak, jdornak, jorton, jstanek, lhh, lpeer, markmc, mbayer, mmaslano, mmuzila, rbryant, sclewis, yeylon
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2015-04-17 10:05:41 UTC
Bug Blocks: 1212785    

Description Martin Prpič 2015-04-17 09:55:48 UTC
Vulnerability in the MySQL Utilities component of Oracle MySQL (subcomponent: Installation). Supported versions that are affected are 1.5.1 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Utilities accessible data.

Note: This vulnerability is only applicable on Windows operating system.

External References:

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL

Comment 1 Martin Prpič 2015-04-17 10:05:41 UTC
Statement:

This issue did not affect the versions of mysql or mysql55 as shipped with Red Hat Enterprise Linux 5, 6, or 7 as it only affects MySQL versions shipped on Microsoft Windows.

Comment 3 Tomas Hoger 2016-01-25 15:42:16 UTC
This issue affected "MySQL Utilities", which is an upstream project separate from MySQL server + client, and not shipped in Red Hat products.