FreeBSD : MySQL -- multiple vulnerabilities (22373c43-d728-11e6-a9a5-b499baebfeaf)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The MySQL project reports :

- CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer'
sub component.

- CVE-2016-5616, CVE-2016-6663: Race condition allows local users with
certain permissions to gain privileges by leveraging use of
my_copystat by REPAIR TABLE to repair a MyISAM table.

- CVE-2016-5617, CVE-2016-6664: mysqld_safe, when using file-based
logging, allows local users with access to the mysql account to gain
root privileges via a symlink attack on error logs and possibly other
files.

- CVE-2016-5624: Remote security vulnerability in 'Server: DML' sub
component.

- CVE-2016-5626: Remote security vulnerability in 'Server: GIS' sub
component.

- CVE-2016-5629: Remote security vulnerability in 'Server: Federated'
sub component.

- CVE-2016-8283: Remote security vulnerability in 'Server: Types' sub
component.

See also :

http://www.nessus.org/u?1ad1fd2e
https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/
http://www.nessus.org/u?20ca9702

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96510

Bugtraq ID:

CVE ID: CVE-2016-3492
CVE-2016-5616
CVE-2016-5617
CVE-2016-5624
CVE-2016-5626
CVE-2016-5629
CVE-2016-6663
CVE-2016-6664
CVE-2016-8283
