How can we improve the SMA (K1000)?

Limit MySQL access to specific IP addresses

Our Security team has run vulnerability scans against the Kace K1000 and it currently shows 130+ vulnerabilities, 95% of which are related to MySQL.

What is most desired to mitigate the vulnerabilities is a limitation of MySQL access by source IP address; this would mitigate the exposure of the system. We know that MySQL already has a table to limit access itself; however, the KACE GUI doesn't make access to those MySQL built-in components.

11 votes
Drew Whittle shared this idea

1 comment

  • Paul commented

    KACE product team: Direct access to the MySQL back-end is a great tool and very helpful, without a doubt; however, something must be done to secure this access by adding a per-IP permission. The MySQL port cannot be left unguarded like this; there must be a gate (and it cannot be just the login/passwd). I'm pasting below the LARGE list of MySQL vulnerabilities that can be exploited, a lot of them with very high CVSS ratings. WAY TOO MANY to fit on this 5,000 character limit. The best way to mitigate this is to put an IP filter so they're not visible; patching Oracle would be a never-ending battle and much tougher. PLEASE HELP MITIGATE THE EXPOSURE BY ADDING THIS SIMPLE FEATURE. Thanks :)

