http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

93733

1037050

GLSA-201701-01

The remote host is affected by the vulnerability described in GLSA-201701-01 (MariaDB and MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MariaDB and MySQL.
      Please review the CVE identifiers referenced below for details.
  Impact :

    Attackers could execute arbitrary code, escalate privileges, and impact       availability via unspecified vectors.
  Workaround :

    There is no known workaround at this time.

The version of MySQL installed on the remote host is version 5.7.x prior to 5.7.14 and is affected by multiple issues :

 - A flaw exists in InnoDB that is triggered when selecting full-text index information schema tables for a deleted table.  This may allow an authenticated attacker to crash the database.
 - A flaw exists in InnoDB that is triggered during the handling of 'ALTER TABLE' operations on a table with an indexed virtual column.  This may allow an authenticated attacker to crash the database.
 - A flaw exists in a library used by MySQL.  Specifically, the Henry Spencer regex Library (rxspencer) contains an overflow condition that is triggered as certain input is not properly validated.  This may allow a context-dependent attacker to cause a buffer overflow, resulting in an unspecified impact that may include a denial of service in a process linked against the library or potentially allow the execution of arbitrary code.
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Memcached subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Performance Schema subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. 
 - An unspecified flaw exists related to the RBR subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Security:Audit subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
 - An unspecified flaw exists related to the Replication subcomponent. This may allow a context-dependent attacker to cause a denial of service. No further details have been provided by the vendor. 

The version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities :

  - Multiple unspecified flaws exist in the InnoDB     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5612)

  - An unspecified flaw exists in the DML subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5628)

  - An unspecified flaw exists in the Memcached     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5631)

  - Multiple unspecified flaws exist in the Performance     Schema subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5633, CVE-2016-8290)

  - An unspecified flaw exists in the RBR subcomponent that     allows an authenticated, remote attacker to cause a     denial of service condition. (CVE-2016-5634)

  - An unspecified flaw exists in the Security: Audit     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-5635)

  - An unspecified flaw exists in the Replication     subcomponent that allows a local attacker to cause a     denial of service condition. (CVE-2016-8284)

  - An unspecified flaw exists in the Replication     subcomponent that allows a authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2016-8287)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows a local attacker to impact integrity and     availability. (CVE-2016-8289)

  - A denial of service vulnerability exists in InnoDB when     selecting full-text index information schema tables for     a deleted table. An authenticated, remote attacker can     exploit this to cause a segmentation fault.

  - A denial of service vulnerability exists in InnoDB when     handling ALTER TABLE operations on tables that have an     indexed virtual column. An authenticated, remote     attacker can exploit this to cause an assertion failure,     resulting in a server crash.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
96232	GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
9617	Oracle MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
93005	MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities	Nessus	Databases	medium
93004	MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities	Nessus	Databases	medium

CVE-2016-8290

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

high

medium

medium