EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1062)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the mariadb packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- Unspecified vulnerability in Oracle MySQL 5.5.51 and
earlier, 5.6.32 and earlier, and 5.7.14 and earlier
allows remote authenticated users to affect
availability via vectors related to Server:
Optimizer.(CVE-2016-3492)

- Unspecified vulnerability in Oracle MySQL 5.5.50 and
earlier, 5.6.31 and earlier, and 5.7.13 and earlier
allows remote authenticated users to affect
availability via vectors related to DML.(CVE-2016-5612)

- Unspecified vulnerability in Oracle MySQL 5.5.51 and
earlier, 5.6.32 and earlier, and 5.7.14 and earlier
allows local users to affect confidentiality,
integrity, and availability via vectors related to
Server: MyISAM.(CVE-2016-5616)

- Unspecified vulnerability in Oracle MySQL 5.5.51 and
earlier allows remote authenticated users to affect
availability via vectors related to DML.(CVE-2016-5624)

- Unspecified vulnerability in Oracle MySQL 5.5.51 and
earlier, 5.6.32 and earlier, and 5.7.14 and earlier
allows remote authenticated users to affect
availability via vectors related to GIS.(CVE-2016-5626)

- Unspecified vulnerability in Oracle MySQL 5.5.51 and
earlier, 5.6.32 and earlier, and 5.7.14 and earlier
allows remote administrators to affect availability via
vectors related to Server: Federated.(CVE-2016-5629)

- Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and
5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x
before 10.0.27, and 10.1.x before 10.1.17; and Percona
Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0,
and 5.7.x before 5.7.14-7 allow local users to create
arbitrary configurations and bypass certain protection
mechanisms by setting general_log_file to a my.cnf
configuration. NOTE: this can be leveraged to execute
arbitrary code with root privileges by setting
malloc_lib.(CVE-2016-6662)

- A race condition was found in the way MySQL performed
MyISAM engine table repair. A database user with shell
access to the server running mysqld could use this flaw
to change permissions of arbitrary files writable by
the mysql system user.(CVE-2016-6663)

- Unspecified vulnerability in Oracle MySQL 5.5.51 and
earlier, 5.6.32 and earlier, and 5.7.14 and earlier
allows remote authenticated users to affect
availability via vectors related to Server:
Types.(CVE-2016-8283)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?bff3cab2

Solution :

Update the affected mariadb packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Huawei Local Security Checks

Nessus Plugin ID: 99824 ()

Bugtraq ID:

CVE ID: CVE-2016-3492
CVE-2016-5612
CVE-2016-5616
CVE-2016-5624
CVE-2016-5626
CVE-2016-5629
CVE-2016-6662
CVE-2016-6663
CVE-2016-8283

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now