CVE-2016-0641

MEDIUM

Description

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html

http://rhn.redhat.com/errata/RHSA-2016-0705.html

http://rhn.redhat.com/errata/RHSA-2016-1480.html

http://rhn.redhat.com/errata/RHSA-2016-1481.html

http://rhn.redhat.com/errata/RHSA-2016-1602.html

http://www.debian.org/security/2016/dsa-3557

http://www.debian.org/security/2016/dsa-3595

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/86470

http://www.securitytracker.com/id/1035606

http://www.ubuntu.com/usn/USN-2953-1

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168

https://access.redhat.com/errata/RHSA-2016:1132

https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/

Details

Source: MITRE

Published: 2016-04-21

Updated: 2019-12-27

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 6.8

Severity: MEDIUM

CVSS v3.0

Base Score: 5.1

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Impact Score: 4.2

Exploitability Score: 0.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.47 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.28 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.10 (inclusive)

Configuration 7

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from 5.5.20 to 5.5.47 (inclusive)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Tenable Plugins

View all (30 total)

ID	Name	Product	Family	Severity
125006	EulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1553)	Nessus	Huawei Local Security Checks	critical
99798	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1035)	Nessus	Huawei Local Security Checks	medium
93829	MariaDB 10.1.x < 10.1.12 Multiple Vulnerabilities	Nessus	Databases	medium
93828	MariaDB 10.0.x < 10.0.24 Multiple Vulnerabilities	Nessus	Databases	medium
93159	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:1620-1)	Nessus	SuSE Local Security Checks	high
93158	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:1619-1)	Nessus	SuSE Local Security Checks	high
93016	Amazon Linux AMI : mysql55 (ALAS-2016-738)	Nessus	Amazon Linux Local Security Checks	high
92996	Scientific Linux Security Update : mariadb on SL7.x x86_64 (20160811)	Nessus	Scientific Linux Local Security Checks	medium
92950	CentOS 7 : mariadb (CESA-2016:1602)	Nessus	CentOS Local Security Checks	medium
92938	RHEL 7 : mariadb (RHSA-2016:1602)	Nessus	Red Hat Local Security Checks	medium
92934	Oracle Linux 7 : mariadb (ELSA-2016-1602)	Nessus	Oracle Linux Local Security Checks	medium
91871	openSUSE Security Update : mariadb (openSUSE-2016-780)	Nessus	SuSE Local Security Checks	high
91794	openSUSE Security Update : mariadb (openSUSE-2016-761)	Nessus	SuSE Local Security Checks	high
91474	Debian DSA-3595-1 : mariadb-10.0 - security update	Nessus	Debian Local Security Checks	medium
91277	openSUSE Security Update : mysql-community-server (openSUSE-2016-607)	Nessus	SuSE Local Security Checks	critical
91121	SUSE SLES11 Security Update : mysql (SUSE-SU-2016:1279-1)	Nessus	SuSE Local Security Checks	medium
90847	FreeBSD : MySQL -- multiple vulnerabilities (8c2b2f11-0ebe-11e6-b55e-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	critical
90833	Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)	Nessus	Databases	medium
90831	Oracle MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities (April 2016 CPU)	Nessus	Databases	medium
90829	Oracle MySQL 5.5.x < 5.5.48 Multiple Vulnerabilities (April 2016 CPU)	Nessus	Databases	medium
90804	Debian DLA-447-1 : mysql-5.5 security update	Nessus	Debian Local Security Checks	medium
90724	Debian DSA-3557-1 : mysql-5.5 - security update	Nessus	Debian Local Security Checks	medium
90678	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2953-1)	Nessus	Ubuntu Local Security Checks	critical
9259	Oracle MySQL 5.5.x < 5.5.48 / 5.6.x < 5.6.29 / 5.7.x < 5.7.11 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
9254	Oracle MySQL 5.5.x < 5.5.48 Multiple DoS	Nessus Network Monitor	Database	medium
9238	MySQL 5.6.x < 5.6.29 Multiple DoS	Nessus Network Monitor	Database	medium
89056	MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities	Nessus	Databases	medium
89055	MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities	Nessus	Databases	medium
89054	MySQL 5.5.x < 5.5.48 Multiple Vulnerabilities	Nessus	Databases	high
87728	MariaDB 5.5 < 5.5.48 Multiple Vulnerabilities	Nessus	Databases	medium