Alpine: mariadb: security update to 10.1.17-r0

Severity: Critical (Tenable Cloud Security, Plugin ID 405495)

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x
before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before
5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass
certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be
leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL
version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that
the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. (CVE-2016-6662)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect
confidentiality via vectors related to DML. (CVE-2016-0643)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect
availability via vectors related to FTS. (CVE-2016-0647)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect
availability via vectors related to PS. (CVE-2016-0648)

- Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect
availability via vectors related to Security: Privileges. (CVE-2016-0666)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-0643

https://security.alpinelinux.org/vuln/CVE-2016-0647

https://security.alpinelinux.org/vuln/CVE-2016-0648

https://security.alpinelinux.org/vuln/CVE-2016-0666

https://security.alpinelinux.org/vuln/CVE-2016-3452

https://security.alpinelinux.org/vuln/CVE-2016-3477

https://security.alpinelinux.org/vuln/CVE-2016-3521

https://security.alpinelinux.org/vuln/CVE-2016-3615

https://security.alpinelinux.org/vuln/CVE-2016-5440

https://security.alpinelinux.org/vuln/CVE-2016-5444

https://security.alpinelinux.org/vuln/CVE-2016-6662

Plugin Details

Severity: Critical

ID: 405495

Version: Revision 1.24

Type: Local

Published: 10/31/2023

Updated: 3/12/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-6662

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/19/2016

Reference Information

CVE: CVE-2016-0643, CVE-2016-0647, CVE-2016-0648, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444, CVE-2016-6662

BID: 86457, 86486, 86495, 86509, 91902, 91932, 91953, 91960, 91987, 91999, 92912