RHSA-2016:2130

RHSA-2016:2131

RHSA-2016:2595

RHSA-2016:2927

RHSA-2016:2928

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

93635

1037050

https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/

According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Unspecified vulnerability in Oracle MySQL 5.5.51 and     earlier, 5.6.32 and earlier, and 5.7.14 and earlier     allows remote authenticated users to affect     availability via vectors related to Server:
    Optimizer.(CVE-2016-3492)

  - Unspecified vulnerability in Oracle MySQL 5.5.50 and     earlier, 5.6.31 and earlier, and 5.7.13 and earlier     allows remote authenticated users to affect     availability via vectors related to DML.(CVE-2016-5612)

  - Unspecified vulnerability in Oracle MySQL 5.5.51 and     earlier, 5.6.32 and earlier, and 5.7.14 and earlier     allows local users to affect confidentiality,     integrity, and availability via vectors related to     Server: MyISAM.(CVE-2016-5616)

  - Unspecified vulnerability in Oracle MySQL 5.5.51 and     earlier allows remote authenticated users to affect     availability via vectors related to DML.(CVE-2016-5624)

  - Unspecified vulnerability in Oracle MySQL 5.5.51 and     earlier, 5.6.32 and earlier, and 5.7.14 and earlier     allows remote authenticated users to affect     availability via vectors related to GIS.(CVE-2016-5626)

  - Unspecified vulnerability in Oracle MySQL 5.5.51 and     earlier, 5.6.32 and earlier, and 5.7.14 and earlier     allows remote administrators to affect availability via     vectors related to Server: Federated.(CVE-2016-5629)

  - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and     5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x     before 10.0.27, and 10.1.x before 10.1.17; and Percona     Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0,     and 5.7.x before 5.7.14-7 allow local users to create     arbitrary configurations and bypass certain protection     mechanisms by setting general_log_file to a my.cnf     configuration. NOTE: this can be leveraged to execute     arbitrary code with root privileges by setting     malloc_lib.(CVE-2016-6662)

  - A race condition was found in the way MySQL performed     MyISAM engine table repair. A database user with shell     access to the server running mysqld could use this flaw     to change permissions of arbitrary files writable by     the mysql system user.(CVE-2016-6663)

  - Unspecified vulnerability in Oracle MySQL 5.5.51 and     earlier, 5.6.32 and earlier, and 5.7.14 and earlier     allows remote authenticated users to affect     availability via vectors related to Server:
    Types.(CVE-2016-8283)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The MySQL project reports :

- CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer' sub component.

- CVE-2016-5616, CVE-2016-6663: Race condition allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

- CVE-2016-5617, CVE-2016-6664: mysqld_safe, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

- CVE-2016-5624: Remote security vulnerability in 'Server: DML' sub component.

- CVE-2016-5626: Remote security vulnerability in 'Server: GIS' sub component.

- CVE-2016-5629: Remote security vulnerability in 'Server: Federated' sub component.

- CVE-2016-8283: Remote security vulnerability in 'Server: Types' sub component.

The following packages have been upgraded to a newer upstream version:
mariadb (5.5.52).

Security Fix(es) :

  - It was discovered that the MariaDB logging functionality     allowed writing to MariaDB configuration files. An     administrative database user, or a database user with     FILE privileges, could possibly use this flaw to run     arbitrary commands with root privileges on the system     running the database server. (CVE-2016-6662)

  - A race condition was found in the way MariaDB performed     MyISAM engine table repair. A database user with shell     access to the server running mysqld could use this flaw     to change permissions of arbitrary files writable by the     mysql system user. (CVE-2016-6663)

(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)

Additional Changes :

The version of MariaDB running on the remote host is 5.5.x prior to 5.5.52. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3492)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows a local attacker to gain elevated     privileges. (CVE-2016-5616)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5624)

  - An unspecified flaw exists in the GIS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5626)

  - An unspecified flaw exists in the Federated subcomponent     that allows an authenticated remote attacker to cause a     denial of service condition. (CVE-2016-5629)

  - A security bypass vulnerability exists that allows an     authenticated, remote attacker to bypass file access     restrictions and create the /var/lib/mysql/my.cnf file     with arbitrary contents without the FILE privilege     requirement. (CVE-2016-6663)

  - An unspecified flaw exists in the Types subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-8283)

  - A flaw exists in the Item_field::fix_after_pullout()     function within file sql/item.cc when handling a     prepared statement with conversion to semi-join. An     authenticated, remote attacker can exploit this to cause     a denial of service condition.

  - An assertion flaw exists in the mysql_admin_table()     function within file sql/sql_admin.cc when handling     the re-execution of certain ANALYZE TABLE prepared     statements. An authenticated, remote attacker can     exploit this to cause a denial of service condition.

The version of MariaDB running on the remote host is 10.1.x prior to 10.1.18. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3492)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows a local attacker to gain elevated     privileges. (CVE-2016-5616)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5624)

  - An unspecified flaw exists in the GIS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5626)

  - An unspecified flaw exists in the Federated subcomponent     that allows an authenticated remote attacker to cause a     denial of service condition. (CVE-2016-5629)

  - A security bypass vulnerability exists that allows an     authenticated, remote attacker to bypass file access     restrictions and create the /var/lib/mysql/my.cnf file     with arbitrary contents without the FILE privilege     requirement. (CVE-2016-6663)

  - An unspecified flaw exists in the Types subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-8283)

  - A flaw exists in the Item_field::fix_after_pullout()     function within file sql/item.cc when handling a     prepared statement with conversion to semi-join. An     authenticated, remote attacker can exploit this to cause     a denial of service condition.

  - An assertion flaw exists in the mysql_admin_table()     function within file sql/sql_admin.cc when handling     the re-execution of certain ANALYZE TABLE prepared     statements. An authenticated, remote attacker can     exploit this to cause a denial of service condition.

This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318) :

Security fixes :

  - CVE-2016-8283: Unspecified vulnerability in subcomponent     Types (bsc#1005582)

  - CVE-2016-7440: Unspecified vulnerability in subcomponent     Encryption (bsc#1005581)

  - CVE-2016-5629: Unspecified vulnerability in subcomponent     Federated (bsc#1005569)

  - CVE-2016-5626: Unspecified vulnerability in subcomponent     GIS (bsc#1005566)

  - CVE-2016-5624: Unspecified vulnerability in subcomponent     DML (bsc#1005564)

  - CVE-2016-5616: Unspecified vulnerability in subcomponent     MyISAM (bsc#1005562)

  - CVE-2016-5584: Unspecified vulnerability in subcomponent     Encryption (bsc#1005558)

  - CVE-2016-3492: Unspecified vulnerability in subcomponent     Optimizer (bsc#1005555)

  - CVE-2016-6663: Privilege Escalation / Race Condition     (bsc#1001367)

Bugfixes :

  - mysql_install_db can't find data files (bsc#1006539)

  - mariadb failing test sys_vars.optimizer_switch_basic     (bsc#1003800)

  - Remove useless mysql@default.service (bsc#1004477)

  - Replace all occurrences of the string '@sysconfdir@'     with '/etc' as it wasn't expanded properly (bsc#990890)

  - Notable changes :

  - XtraDB updated to 5.6.33-79.0

  - TokuDB updated to 5.6.33-79.0

  - Innodb updated to 5.6.33

  - Performance Schema updated to 5.6.33

  - Release notes and upstream changelog :

  - https://kb.askmonty.org/en/mariadb-10028-release-notes

  - https://kb.askmonty.org/en/mariadb-10028-changelog

This update was imported from the SUSE:SLE-12-SP1:Update update project.

This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318) :

Security fixes :

  - CVE-2016-8283: Unspecified vulnerability in subcomponent     Types (bsc#1005582)

  - CVE-2016-7440: Unspecified vulnerability in subcomponent     Encryption (bsc#1005581)

  - CVE-2016-5629: Unspecified vulnerability in subcomponent     Federated (bsc#1005569)

  - CVE-2016-5626: Unspecified vulnerability in subcomponent     GIS (bsc#1005566)

  - CVE-2016-5624: Unspecified vulnerability in subcomponent     DML (bsc#1005564)

  - CVE-2016-5616: Unspecified vulnerability in subcomponent     MyISAM (bsc#1005562)

  - CVE-2016-5584: Unspecified vulnerability in subcomponent     Encryption (bsc#1005558)

  - CVE-2016-3492: Unspecified vulnerability in subcomponent     Optimizer (bsc#1005555)

  - CVE-2016-6663: Privilege Escalation / Race Condition     (bsc#1001367)

Bugfixes :

  - mariadb failing test sys_vars.optimizer_switch_basic     (bsc#1003800)

  - Remove useless mysql@default.service (bsc#1004477)

  - Replace all occurrences of the string '@sysconfdir@'     with '/etc' as it wasn't expanded properly (bsc#990890)

  - Notable changes :

  - XtraDB updated to 5.6.33-79.0

  - TokuDB updated to 5.6.33-79.0

  - Innodb updated to 5.6.33

  - Performance Schema updated to 5.6.33

  - Release notes and upstream changelog :

  - https://kb.askmonty.org/en/mariadb-10028-release-notes

  - https://kb.askmonty.org/en/mariadb-10028-changelog

This update was imported from the SUSE:SLE-12-SP1:Update update project.

The version of MariaDB running on the remote host is 10.0.x prior to 10.0.28. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the Optimizer subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-3492)

  - An unspecified flaw exists in the Security: Encryption     subcomponent that allows an authenticated, remote     attacker to disclose sensitive information.
    (CVE-2016-5584)

  - An unspecified flaw exists in the MyISAM subcomponent     that allows a local attacker to gain elevated     privileges. (CVE-2016-5616)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5624)

  - An unspecified flaw exists in the GIS subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5626)

  - An unspecified flaw exists in the Federated subcomponent     that allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5629)

  - An unspecified flaw exists that allows an authenticated,     remote attacker to bypass restrictions and create the     /var/lib/mysql/my.cnf file with custom contents without     the FILE privilege requirement. (CVE-2016-6663)

  - A flaw exists in wolfSSL, specifically within the C     software version of AES Encryption and Decryption, due     to table lookups not properly considering cache-bank     access times. A local attacker can exploit this, via a     specially crafted application, to disclose AES keys.
    Note that this vulnerability does not affect MariaDB     packages included in Red Hat products since they're     built against system OpenSSL packages. (CVE-2016-7440)

  - An unspecified flaw exists in the Types subcomponent     that allows an authenticated, remote attacker to cause     a denial of service condition. (CVE-2016-8283)

  - A flaw exists in the fix_after_pullout() function in     item.cc that is triggered when handling a prepared     statement with a conversion to semi-join. An     authenticated, remote attacker can exploit this to crash     the database, resulting in a denial of service     condition.

  - A flaw exists in the mysql_admin_table() function in     sql_admin.cc that is triggered when handling     re-execution of certain ANALYZE TABLE prepared     statements. An authenticated, remote attacker can     exploit this to crash the database, resulting in a     denial of service condition.

  - A flaw exists in the fill_alter_inplace_info() function     in sql_table.cc that is triggered when altering     persistent virtual columns. An authenticated, remote     attacker can exploit this to crash the database,     resulting in a denial of service condition.

  - A flaw exists in the mysql_rm_table_no_locks() function     in sql_table.cc that is triggered during the handling of     CREATE OR REPLACE TABLE queries. An authenticated,     remote attacker can exploit this to crash the database,     resulting in a denial of service condition.

This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes :

  - CVE-2016-8283: Unspecified vulnerability in subcomponent     Types (bsc#1005582)

  - CVE-2016-7440: Unspecified vulnerability in subcomponent     Encryption (bsc#1005581)

  - CVE-2016-5629: Unspecified vulnerability in subcomponent     Federated (bsc#1005569)

  - CVE-2016-5626: Unspecified vulnerability in subcomponent     GIS (bsc#1005566)

  - CVE-2016-5624: Unspecified vulnerability in subcomponent     DML (bsc#1005564)

  - CVE-2016-5616: Unspecified vulnerability in subcomponent     MyISAM (bsc#1005562)

  - CVE-2016-5584: Unspecified vulnerability in subcomponent     Encryption (bsc#1005558)

  - CVE-2016-3492: Unspecified vulnerability in subcomponent     Optimizer (bsc#1005555)

  - CVE-2016-6663: Privilege Escalation / Race Condition     (bsc#1001367) Bugfixes :

  - mysql_install_db can't find data files (bsc#1006539)

  - mariadb failing test sys_vars.optimizer_switch_basic     (bsc#1003800)

  - Remove useless mysql@default.service (bsc#1004477)

  - Replace all occurrences of the string '@sysconfdir@'     with '/etc' as it wasn't expanded properly (bsc#990890)

  - Notable changes :

  - XtraDB updated to 5.6.33-79.0

  - TokuDB updated to 5.6.33-79.0

  - Innodb updated to 5.6.33

  - Performance Schema updated to 5.6.33

  - Release notes and upstream changelog :

  - https://kb.askmonty.org/en/mariadb-10028-release-notes

  - https://kb.askmonty.org/en/mariadb-10028-changelog

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes :

  - CVE-2016-8283: Unspecified vulnerability in subcomponent     Types (bsc#1005582)

  - CVE-2016-7440: Unspecified vulnerability in subcomponent     Encryption (bsc#1005581)

  - CVE-2016-5629: Unspecified vulnerability in subcomponent     Federated (bsc#1005569)

  - CVE-2016-5626: Unspecified vulnerability in subcomponent     GIS (bsc#1005566)

  - CVE-2016-5624: Unspecified vulnerability in subcomponent     DML (bsc#1005564)

  - CVE-2016-5616: Unspecified vulnerability in subcomponent     MyISAM (bsc#1005562)

  - CVE-2016-5584: Unspecified vulnerability in subcomponent     Encryption (bsc#1005558)

  - CVE-2016-3492: Unspecified vulnerability in subcomponent     Optimizer (bsc#1005555)

  - CVE-2016-6663: Privilege Escalation / Race Condition     (bsc#1001367) Bugfixes :

  - mysql_install_db can't find data files (bsc#1006539)

  - mariadb failing test sys_vars.optimizer_switch_basic     (bsc#1003800)

  - Notable changes :

  - XtraDB updated to 5.6.33-79.0

  - TokuDB updated to 5.6.33-79.0

  - Innodb updated to 5.6.33

  - Performance Schema updated to 5.6.33

  - Release notes and upstream changelog :

  - https://kb.askmonty.org/en/mariadb-10028-release-notes

  - https://kb.askmonty.org/en/mariadb-10028-changelog

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a newer upstream version:
mariadb (5.5.52). (BZ#1304516, BZ#1377974)

Security Fix(es) :

* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Several issues have been discovered in the MariaDB database server.
The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details :

  -     https://mariadb.com/kb/en/mariadb/mariadb-10028-release-     notes/

From Red Hat Security Advisory 2016:2595 :

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a newer upstream version:
mariadb (5.5.52). (BZ#1304516, BZ#1377974)

Security Fix(es) :

* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
(CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

The version of MariaDB installed on the remote host is 10.0.x prior to 10.0.28, and is affected by multiple vulnerabilities :

 - An unspecified flaw may allow an authenticated attacker to bypass restrictions and create the '/var/lib/mysql/my.cnf' file with custom contents without the FILE privilege requirement.
 - A flaw in the C software version of AES Encryption and Decryption is triggered as table lookups do not properly consider cache-bank access times. This may allow a local user to disclose AES keys via a specially crafted application.
 - An unspecified flaw exists related to the MyISAM subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the GIS subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Federated subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Security: Encryption subcomponent. This may allow an authenticated remote attacker to disclose potentially sensitive information. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Types subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - A flaw exists in the 'fill_alter_inplace_info()' function in 'sql/sql_table.cc' that is triggered when altering persistent virtual columns. This may allow an authenticated attacker to crash the database.
 - A flaw exists in the 'mysql_rm_table_no_locks()' function in 'sql/sql_table.cc' that is triggered during the handling of 'CREATE OR REPLACE TABLE' queries. This may allow an authenticated attacker to crash the database.
 - A flaw exists in 'scripts/mysqld_safe.sh' that is triggered when handling arguments to 'malloc-lib'.  This may allow a local attacker to potentially gain elevated privileges.  Note that CVE-2016-6664 is reportedly a duplicate assignment of CVE-2016-5617, which was assigned to this issue's manifestation in Oracle MySQL.

New mariadb packages are available for Slackware 14.1, 14.2, and
-current to fix security issues.

The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.52 and is affected by multiple issues :

 - A flaw exists related to the way 'REPAIR TABLE' uses temporary files.  This may allow an authenticated attacker to gain elevated privileges.
 - An overflow condition exists that is triggered as certain input is not properly validated when handling long integer values in 'MEDIUMINT' columns.  This may allow an authenticated attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
 - A flaw exists that is triggered during the handling of prepared statements that use a parameter in the select list of a derived table that was part of a join.  This may allow an authenticated attacker to crash the server.
 - An unspecified flaw exists related to the Error Handling subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the MyISAM subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the GIS subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Federated subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Types subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.

The version of MySQL running on the remote host is 5.5.x prior to 5.5.52. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5624)

  - A flaw exists in the check_log_path() function within     file sql/sys_vars.cc due to inadequate restrictions on     the ability to write to the my.cnf configuration file     and allowing the loading of configuration files from     path locations not used by current versions. An     authenticated, remote attacker can exploit this issue     by using specially crafted queries that utilize logging     functionality to create new files or append custom     content to existing files. This allows the attacker to     gain root privileges by inserting a custom .cnf file     with a 'malloc_lib=' directive pointing to specially     crafted mysql_hookandroot_lib.so file and thereby cause     MySQL to load a malicious library the next time it is     started. (CVE-2016-6662)

  - An unspecified flaw exists that allows an authenticated,     remote attacker to bypass restrictions and create the     /var/lib/mysql/my.cnf file with custom contents without     the FILE privilege requirement. (CVE-2016-6663)

  - A flaw exists that is related to the use of temporary     files by REPAIR TABLE. An authenticated, remote attacker     can exploit this to gain elevated privileges.

  - A buffer overflow condition exists when handling long     integer values in MEDIUMINT columns due to the improper     validation of certain input. An authenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.

  - An unspecified flaw exists due to how a prepared     statement uses a parameter in the select list of a     derived table that was part of a join. An authenticated,     remote attacker can exploit this to cause a server exit,     resulting in a denial of service condition.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.5.x prior to 5.5.52. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5624)

  - A flaw exists in the check_log_path() function within     file sql/sys_vars.cc due to inadequate restrictions on     the ability to write to the my.cnf configuration file     and allowing the loading of configuration files from     path locations not used by current versions. An     authenticated, remote attacker can exploit this issue     by using specially crafted queries that utilize logging     functionality to create new files or append custom     content to existing files. This allows the attacker to     gain root privileges by inserting a custom .cnf file     with a 'malloc_lib=' directive pointing to specially     crafted mysql_hookandroot_lib.so file and thereby cause     MySQL to load a malicious library the next time it is     started. (CVE-2016-6662)

  - An unspecified flaw exists that allows an authenticated,     remote attacker to bypass restrictions and create the     /var/lib/mysql/my.cnf file with custom contents without     the FILE privilege requirement. (CVE-2016-6663)     
  - A flaw exists that is related to the use of temporary     files by REPAIR TABLE. An authenticated, remote attacker     can exploit this to gain elevated privileges.

  - A buffer overflow condition exists when handling long     integer values in MEDIUMINT columns due to the improper     validation of certain input. An authenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.

  - An unspecified flaw exists due to how a prepared     statement uses a parameter in the select list of a     derived table that was part of a join. An authenticated,     remote attacker can exploit this to cause a server exit,     resulting in a denial of service condition.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
99824	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1062)	Nessus	Huawei Local Security Checks	critical
96510	FreeBSD : MySQL -- multiple vulnerabilities (22373c43-d728-11e6-a9a5-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
95847	Scientific Linux Security Update : mariadb on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	critical
95633	MariaDB 5.5.x < 5.5.52 Multiple Vulnerabilities	Nessus	Databases	high
95632	MariaDB 10.1.x < 10.1.18 Multiple Vulnerabilities	Nessus	Databases	high
95597	openSUSE Security Update : mariadb (openSUSE-2016-1417)	Nessus	SuSE Local Security Checks	medium
95596	openSUSE Security Update : mariadb (openSUSE-2016-1416)	Nessus	SuSE Local Security Checks	medium
95540	MariaDB 10.0.x < 10.0.28 Multiple Vulnerabilities	Nessus	Databases	medium
95384	SUSE SLED12 / SLES12 Security Update : Recommended update for mariadb (SUSE-SU-2016:2933-1)	Nessus	SuSE Local Security Checks	medium
95383	SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1)	Nessus	SuSE Local Security Checks	medium
95341	CentOS 7 : mariadb (CESA-2016:2595)	Nessus	CentOS Local Security Checks	critical
94743	Debian DSA-3711-1 : mariadb-10.0 - security update	Nessus	Debian Local Security Checks	medium
94715	Oracle Linux 7 : mariadb (ELSA-2016-2595)	Nessus	Oracle Linux Local Security Checks	critical
94558	RHEL 7 : mariadb (RHSA-2016:2595)	Nessus	Red Hat Local Security Checks	critical
9752	MariaDB Server 10.0.x < 10.0.28 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
94440	Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03)	Nessus	Slackware Local Security Checks	medium
9610	Oracle MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
93376	MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities	Nessus	Databases	high
93375	MySQL 5.5.x < 5.5.52 Multiple Vulnerabilities	Nessus	Databases	critical

CVE-2016-5624

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins