Vulnerabilities > CVE-2016-5444 - Remote Security vulnerability in Oracle MySQL

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE

Summary

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

Vulnerable Configurations

Part Description Count
Application
Oracle
96
Application
Mariadb
57
Application
Ibm
2
OS
Redhat
17
OS
Oracle
1

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1602.NASL
    descriptionAn update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.50). Security Fix(es) : * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)
    last seen2020-06-01
    modified2020-06-02
    plugin id92938
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92938
    titleRHEL 7 : mariadb (RHSA-2016:1602)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:1602. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92938);
      script_version("2.13");
      script_cvs_date("Date: 2019/10/24 15:35:41");
    
      script_cve_id("CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0666", "CVE-2016-3452", "CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440", "CVE-2016-5444");
      script_xref(name:"RHSA", value:"2016:1602");
    
      script_name(english:"RHEL 7 : mariadb (RHSA-2016:1602)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for mariadb is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    MariaDB is a multi-user, multi-threaded SQL database server that is
    binary compatible with MySQL.
    
    The following packages have been upgraded to a newer upstream version:
    mariadb (5.5.50).
    
    Security Fix(es) :
    
    * This update fixes several vulnerabilities in the MariaDB database
    server. Information about these flaws can be found on the Oracle
    Critical Patch Update Advisory pages, listed in the References
    section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644,
    CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,
    CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477,
    CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:1602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0641"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0646"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0648"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0649"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0650"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-3452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-3477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-3521"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-3615"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5440"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5444"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:1602";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"mariadb-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mariadb-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"mariadb-bench-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mariadb-bench-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-debuginfo-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-devel-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-embedded-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-embedded-devel-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"mariadb-libs-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"mariadb-server-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mariadb-server-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"mariadb-test-5.5.50-1.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mariadb-test-5.5.50-1.el7_2")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-1602.NASL
    descriptionFrom Red Hat Security Advisory 2016:1602 : An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.50). Security Fix(es) : * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)
    last seen2020-06-01
    modified2020-06-02
    plugin id92934
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92934
    titleOracle Linux 7 : mariadb (ELSA-2016-1602)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:1602 and 
    # Oracle Linux Security Advisory ELSA-2016-1602 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92934);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0666", "CVE-2016-3452", "CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440", "CVE-2016-5444");
      script_xref(name:"RHSA", value:"2016:1602");
    
      script_name(english:"Oracle Linux 7 : mariadb (ELSA-2016-1602)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:1602 :
    
    An update for mariadb is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    MariaDB is a multi-user, multi-threaded SQL database server that is
    binary compatible with MySQL.
    
    The following packages have been upgraded to a newer upstream version:
    mariadb (5.5.50).
    
    Security Fix(es) :
    
    * This update fixes several vulnerabilities in the MariaDB database
    server. Information about these flaws can be found on the Oracle
    Critical Patch Update Advisory pages, listed in the References
    section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644,
    CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,
    CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477,
    CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-August/006267.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mariadb packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-bench-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-devel-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-embedded-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-embedded-devel-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-libs-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-server-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mariadb-test-5.5.50-1.el7_2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-devel / mariadb-embedded / etc");
    }
    
  • NASL familyDatabases
    NASL idMYSQL_5_6_31.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459) - An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3501) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when handling a
    last seen2020-06-01
    modified2020-06-02
    plugin id91995
    published2016-07-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91995
    titleMySQL 5.6.x < 5.6.31 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91995);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/14");
    
      script_cve_id(
        "CVE-2016-2105",
        "CVE-2016-3452",
        "CVE-2016-3459",
        "CVE-2016-3471",
        "CVE-2016-3477",
        "CVE-2016-3486",
        "CVE-2016-3501",
        "CVE-2016-3521",
        "CVE-2016-3614",
        "CVE-2016-3615",
        "CVE-2016-5439",
        "CVE-2016-5440",
        "CVE-2016-5444",
        "CVE-2016-8288"
      );
      script_bugtraq_id(
        89757,
        91902,
        91913,
        91932,
        91943,
        91949,
        91953,
        91960,
        91969,
        91980,
        91987,
        91992,
        91999,
        93740
      );
    
      script_name(english:"MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of MySQL server.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL running on the remote host is 5.6.x prior to
    5.6.31. It is, therefore, affected by multiple vulnerabilities :
    
      - A heap buffer overflow condition exists in the
        EVP_EncodeUpdate() function within file
        crypto/evp/encode.c that is triggered when handling
        a large amount of input data. An unauthenticated, remote
        attacker can exploit this to cause a denial of service
        condition. (CVE-2016-2105)
    
      - An unspecified flaw exists in the Security: Encryption
        subcomponent that allows an unauthenticated, remote
        attacker to disclose sensitive information.
        (CVE-2016-3452)
    
      - An unspecified flaw exists in the InnoDB subcomponent
        that allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-3459)
    
      - An unspecified flaw exists in the Options subcomponent
        that allows a local attacker to gain elevated
        privileges. (CVE-2016-3471)
    
      - An unspecified flaw exists in the Parser subcomponent
        that allows a local attacker to gain elevated
        privileges. (CVE-2016-3477)
    
      - An unspecified flaw exists in the FTS subcomponent that
        allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-3486)
    
      - An unspecified flaw exists in the Optimizer subcomponent
        that allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-3501)
    
      - An unspecified flaw exists in the Types subcomponent
        that allows an authenticated, remote attacker to cause
        a denial of service condition. (CVE-2016-3521)
    
      - An unspecified flaw exists in the Security: Encryption
        subcomponent that allows an authenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2016-3614)
    
      - An unspecified flaw exists in the DML subcomponent that
        allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-3615)
    
      - An unspecified flaw exists in the Privileges
        subcomponent that allows an authenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2016-5439)
    
      - An unspecified flaw exists in the RBR subcomponent that
        allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-5440)
    
      - An unspecified flaw exists in the Connection
        subcomponent that allows an unauthenticated, remote
        attacker to disclose sensitive information.
        (CVE-2016-5444)
    
      - An unspecified flaw exists in the InnoDB Plugin
        subcomponent that allows an authenticated, remote
        attacker to impact integrity. (CVE-2016-8288)
    
      - Multiple overflow conditions exist due to improper
        validation of user-supplied input. An authenticated,
        remote attacker can exploit these issues to cause a
        denial of service condition or the execution of
        arbitrary code.
    
      - A NULL pointer dereference flaw exists in a parser
        structure that is triggered during the validation of
        stored procedure names. An authenticated, remote
        attacker can exploit this to crash the database,
        resulting in a denial of service condition.
    
      - Multiple overflow conditions exist in the InnoDB
        memcached plugin due to improper validation of
        user-supplied input. An authenticated, remote attacker
        can exploit these issues to cause a denial of service
        condition or the execution of arbitrary code.
    
      - An unspecified flaw exists that is triggered when
        invoking Enterprise Encryption functions in multiple
        threads simultaneously or after creating and dropping
        them. An authenticated, remote attacker can exploit this
        to crash the database, resulting in a denial of service
        condition.
    
      - An unspecified flaw exists that is triggered when
        handling a 'SELECT ... GROUP BY ... FOR UPDATE' query
        executed with a loose index scan. An authenticated,
        remote attacker can exploit this to crash the database,
        resulting in a denial of service condition.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453b5f8c");
      # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
      script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MySQL version 5.6.31 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3471");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/20");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    
    mysql_check_version(fixed:'5.6.31', min:'5.6', severity:SECURITY_HOLE);
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160811_MARIADB_ON_SL7_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: mariadb (5.5.50). Security Fix(es) : (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)
    last seen2020-03-18
    modified2016-08-17
    plugin id92996
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92996
    titleScientific Linux Security Update : mariadb on SL7.x x86_64 (20160811)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92996);
      script_version("2.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0666", "CVE-2016-3452", "CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440", "CVE-2016-5444");
    
      script_name(english:"Scientific Linux Security Update : mariadb on SL7.x x86_64 (20160811)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following packages have been upgraded to a newer upstream version:
    mariadb (5.5.50).
    
    Security Fix(es) :
    
    (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644,
    CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,
    CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477,
    CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1608&L=scientific-linux-errata&F=&S=&P=5853
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?67d423f6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mariadb-test");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-bench-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-debuginfo-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-devel-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-embedded-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-embedded-devel-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-libs-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-server-5.5.50-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mariadb-test-5.5.50-1.el7_2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mariadb / mariadb-bench / mariadb-debuginfo / mariadb-devel / etc");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CA5CB2024F5111E6B2ECB499BAEBFEAF.NASL
    descriptionOracle reports : The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier
    last seen2020-06-01
    modified2020-06-02
    plugin id92505
    published2016-07-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92505
    titleFreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92505);
      script_version("2.8");
      script_cvs_date("Date: 2019/07/10 16:04:13");
    
      script_cve_id("CVE-2016-2105", "CVE-2016-3424", "CVE-2016-3440", "CVE-2016-3452", "CVE-2016-3459", "CVE-2016-3471", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3518", "CVE-2016-3521", "CVE-2016-3588", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444");
    
      script_name(english:"FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Oracle reports :
    
    The quarterly Critical Patch Update contains 22 new security fixes for
    Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier"
      );
      # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2d65519a"
      );
      # https://vuxml.freebsd.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2c288534"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb100-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb101-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mariadb55-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql55-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql56-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql57-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:percona55-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:percona56-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"mariadb55-server<=5.5.49")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mariadb100-server<=10.0.25")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mariadb101-server<=10.1.14")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mysql55-server<=5.5.49")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mysql56-server<5.6.30")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mysql57-server<5.7.12_1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"percona55-server<=5.5.49")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"percona56-server<=5.6.30")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-738.NASL
    descriptionIt was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to UDF. (CVE-2016-0608) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. (CVE-2016-0609) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. (CVE-2016-0505) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2016-0600) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0616) Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. (CVE-2016-3452) Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to DDL. (CVE-2016-0644) Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. (CVE-2016-3477) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0596) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. (CVE-2016-0597) Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect integrity and availability via vectors related to DML. (CVE-2016-0640) Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. (CVE-2016-3521) Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect integrity and availability via vectors related to Federated. (CVE-2016-0642) Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect confidentiality via vectors related to DML. (CVE-2016-0643) Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to Security: Privileges. (CVE-2016-0666) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. (CVE-2016-0651) Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to Replication. (CVE-2016-0650) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via vectors related to DML. (CVE-2016-0598) Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to PS. (CVE-2016-0649) Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. (CVE-2016-5440) Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Connection. (CVE-2016-5444) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. (CVE-2016-0606) Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to PS. (CVE-2016-0648) Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect availability via vectors related to DML. (CVE-2016-0646) Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. (CVE-2016-0546) Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows local users to affect availability via vectors related to FTS. (CVE-2016-0647) Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. (CVE-2016-3615) Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. (CVE-2016-0641)
    last seen2020-06-01
    modified2020-06-02
    plugin id93016
    published2016-08-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93016
    titleAmazon Linux AMI : mysql55 (ALAS-2016-738)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-738.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93016);
      script_version("2.4");
      script_cvs_date("Date: 2019/07/10 16:04:12");
    
      script_cve_id("CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0600", "CVE-2016-0606", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0616", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0642", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0651", "CVE-2016-0666", "CVE-2016-2047", "CVE-2016-3452", "CVE-2016-3477", "CVE-2016-3521", "CVE-2016-3615", "CVE-2016-5440", "CVE-2016-5444");
      script_xref(name:"ALAS", value:"2016-738");
    
      script_name(english:"Amazon Linux AMI : mysql55 (ALAS-2016-738)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was found that the MariaDB client library did not properly check
    host names against server identities noted in the X.509 certificates
    when establishing secure connections using TLS/SSL. A
    man-in-the-middle attacker could possibly use this flaw to impersonate
    a server to a client. (CVE-2016-2047)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect availability via vectors related
    to UDF. (CVE-2016-0608)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect availability via unknown vectors
    related to privileges. (CVE-2016-0609)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect availability via unknown vectors
    related to Options. (CVE-2016-0505)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect availability via unknown vectors
    related to InnoDB. (CVE-2016-0600)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect availability via unknown vectors
    related to Optimizer. (CVE-2016-0616)
    
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows
    remote attackers to affect confidentiality via vectors related to
    Server: Security: Encryption. (CVE-2016-3452)
    
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows
    local users to affect availability via vectors related to DDL.
    (CVE-2016-0644)
    
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows
    local users to affect confidentiality, integrity, and availability via
    vectors related to Server: Parser. (CVE-2016-3477)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect availability via vectors related
    to DML. (CVE-2016-0596)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect availability via unknown vectors
    related to Optimizer. (CVE-2016-0597)
    
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows
    local users to affect integrity and availability via vectors related
    to DML. (CVE-2016-0640)
    
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows
    remote authenticated users to affect availability via vectors related
    to Server: Types. (CVE-2016-3521)
    
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows
    local users to affect integrity and availability via vectors related
    to Federated. (CVE-2016-0642)
    
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows
    local users to affect confidentiality via vectors related to DML.
    (CVE-2016-0643)
    
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows
    local users to affect availability via vectors related to Security:
    Privileges. (CVE-2016-0666)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    local users to affect availability via vectors related to Optimizer.
    (CVE-2016-0651)
    
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows
    local users to affect availability via vectors related to Replication.
    (CVE-2016-0650)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect availability via vectors related
    to DML. (CVE-2016-0598)
    
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows
    local users to affect availability via vectors related to PS.
    (CVE-2016-0649)
    
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows
    remote administrators to affect availability via vectors related to
    Server: RBR. (CVE-2016-5440)
    
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows
    remote attackers to affect confidentiality via vectors related to
    Server: Connection. (CVE-2016-5444)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    remote authenticated users to affect integrity via unknown vectors
    related to encryption. (CVE-2016-0606)
    
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows
    local users to affect availability via vectors related to PS.
    (CVE-2016-0648)
    
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows
    local users to affect availability via vectors related to DML.
    (CVE-2016-0646)
    
    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows
    local users to affect confidentiality, integrity, and availability via
    unknown vectors related to Client. (CVE-2016-0546)
    
    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier allows
    local users to affect availability via vectors related to FTS.
    (CVE-2016-0647)
    
    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier allows
    remote authenticated users to affect availability via vectors related
    to Server: DML. (CVE-2016-3615)
    
    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier allows
    local users to affect confidentiality and availability via vectors
    related to MyISAM. (CVE-2016-0641)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-738.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update mysql55' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql-config");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-embedded-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql55-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"mysql-config-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-bench-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-debuginfo-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-devel-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-embedded-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-embedded-devel-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-libs-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-server-5.5.51-1.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"mysql55-test-5.5.51-1.11.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-config / mysql55 / mysql55-bench / mysql55-debuginfo / etc");
    }
    
  • NASL familyDatabases
    NASL idMYSQL_5_7_12_RPM.NASL
    descriptionThe version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.12. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the JSON subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0657) - An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0659) - An unspecified flaw exists in the Partition subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0662) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Locking subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0667) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject
    last seen2020-06-04
    modified2016-05-02
    plugin id90834
    published2016-05-02
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90834
    titleOracle MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (RPM Check) (April 2016 CPU) (July 2016 CPU) (October 2017 CPU) (DROWN)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1035.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. - Security Fix(es) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.(CVE-2016-0640) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.(CVE-2016-0641) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.(CVE-2016-0643) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.(CVE-2016-0644) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.(CVE-2016-0646) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.(CVE-2016-0647) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.(CVE-2016-0648) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.(CVE-2016-0649) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.(CVE-2016-0650) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.(CVE-2016-0666) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.(CVE-2016-3452) - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.(CVE-2016-3477) - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.(CVE-2016-3521) - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.(CVE-2016-3615) - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.(CVE-2016-5440) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.(CVE-2016-5444) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99798
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99798
    titleEulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1035)
  • NASL familyDatabases
    NASL idMYSQL_5_6_30_RPM.NASL
    descriptionThe version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.30. It is, therefore, affected by the following vulnerabilities : - A cipher algorithm downgrade vulnerability exists in the bundled version of OpenSSL due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197) - An unspecified flaw exists in the Pluggable Authentication subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-0639) - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - A key disclosure vulnerability exists in the bundled version of OpenSSL due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702) - A double-free error exists in the bundled version of OpenSSL due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705) - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797) - A denial of service vulnerability exists in the bundled version of OpenSSL due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798) - Multiple memory corruption issues exist in the bundled version of OpenSSL that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799) - A flaw exists in the bundled version of OpenSSL that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. (CVE-2016-0800) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject
    last seen2020-06-04
    modified2016-05-02
    plugin id90832
    published2016-05-02
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90832
    titleOracle MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU) (DROWN)
  • NASL familyDatabases
    NASL idMARIADB_10_1_14.NASL
    descriptionThe version of MariaDB running on the remote host is 10.1.x prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - An unspecified flaw in the InnoDB subcomponent allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459) - An unspecified flaw in the Connection subcomponent allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - A heap corruption issue exists in the handle_connections_shared_memory() function in mysqld.cc due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An overflow condition exists in the ha_connect::ha_connect() function in ha_connect.cc due to improper validation of user-supplied input when when handling partnames. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists in sql_insert.cc that is triggered during the handling of INSERT or REPLACE DELAYED statements. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the embedded server in the cli_read_prepare_result() function in libmysql.c that is triggered when handling a CREATE TABLE statement. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the acl_load() function in sql_acl.cc that is triggered when handling user tables. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the cost_group_min_max() function in opt_range.cc that is triggered when handling a group by clause. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the Item_subselect::is_expensive() function in item_subselect.cc that is triggered when handling a UNION query. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the validate_password() function in sql_acl.cc that is triggered when handling NULL passwords. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - A flaw exists in the Item_func_match::fix_index() function within file sql/item_func.cc due to improper handling of a full-text search of the utf8mb4 column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id91766
    published2016-06-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91766
    titleMariaDB 10.1.x < 10.1.14 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_5_49_RPM.NASL
    descriptionThe version of Oracle MySQL installed on the remote host is 5.5.x prior to 5.5.49. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists in the Federated subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-0642) - An unspecified flaw exists in the DML subcomponent that allows a local attacker to disclose potentially sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the Security: Privileges subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0666) - A man-in-the-middle spoofing vulnerability exists due to the server hostname not being verified to match a domain name in the Subject
    last seen2020-06-04
    modified2016-05-02
    plugin id90830
    published2016-05-02
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90830
    titleOracle MySQL 5.5.x < 5.5.49 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)
  • NASL familyDatabases
    NASL idMYSQL_5_7_13_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501, CVE-2016-3518) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459, CVE-2016-5436) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to impact integrity and confidentiality. (CVE-2016-3588) - Multiple unspecified flaws exist in the Security: Encryption subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614, CVE-2016-5442) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Log subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5437) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5441) - An unspecified flaw exists in the Connection subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-5443) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple flaws exist in InnoDB that are triggered when handling specially crafted
    last seen2020-06-04
    modified2016-07-11
    plugin id91998
    published2016-07-11
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91998
    titleOracle MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_6_31_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459) - An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3501) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. - An unspecified flaw exists that is triggered when handling a
    last seen2020-06-04
    modified2016-07-11
    plugin id91996
    published2016-07-11
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91996
    titleOracle MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-1602.NASL
    descriptionAn update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.50). Security Fix(es) : * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)
    last seen2020-06-01
    modified2020-06-02
    plugin id92950
    published2016-08-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92950
    titleCentOS 7 : mariadb (CESA-2016:1602)
  • NASL familyDatabases
    NASL idMARIADB_5_5_49.NASL
    descriptionThe version of MariaDB running on the remote host is 5.5.x prior to 5.5.49. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists in the DML component that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the Security: Privileges component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Encryption component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - An unspecified flaw exists in the Connection component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - A denial of service vulnerability exists in the my_decimal_precision_to_length_no_truncation() function within file item_cmpfunc.cc when handling SELECT CASE statements. An authenticated, remote attacker can exploit this to crash the database. - A buffer overflow condition exists in the audit_plugin_so_init() function within file plugin/server_audit/server_audit.c due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id93616
    published2016-09-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93616
    titleMariaDB 5.5.x < 5.5.49 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_5_50.NASL
    descriptionThe version of MySQL running on the remote host is 5.5.x prior to 5.5.50. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. No other details are available. (CVE-2016-3452) - An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. No other details are available. (CVE-2016-3471) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. No other details are available. (CVE-2016-3477) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. No other details are available. (CVE-2016-3521) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. No other details are available. (CVE-2016-3615) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. No other details are available. (CVE-2016-5440) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. No other details are available. (CVE-2016-5444) - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code. - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id91993
    published2016-07-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91993
    titleMySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1553.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.(CVE-2016-3477) - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.(CVE-2016-3492) - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.(CVE-2016-5629) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.(CVE-2016-0650) - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.(CVE-2016-5440) - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.(CVE-2016-3521) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.(CVE-2016-0546) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.(CVE-2016-0598) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.(CVE-2016-5444) - Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.(CVE-2016-3615) - A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user.(CVE-2016-6663) - It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.(CVE-2016-6662) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.(CVE-2016-0505) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.(CVE-2016-0666) - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.(CVE-2014-6469) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.(CVE-2016-0640) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.(CVE-2016-3452) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.(CVE-2016-0641) - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.(CVE-2014-6464) - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.(CVE-2014-6559) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125006
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125006
    titleEulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1553)
  • NASL familyDatabases
    NASL idMARIADB_10_0_25.NASL
    descriptionThe version of MariaDB running on the remote host is 10.0.x prior to 10.0.25. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0648) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655) - An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0666) - An unspecified flaw exists in the Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - An unspecified flaw in the InnoDB subcomponent allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459) - An unspecified flaw in the Connection subcomponent allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An overflow condition exists in the extension_based_table_discovery() function in discover.cc due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - A flaw exists in the mariadb_dyncol_unpack() function in ma_dyncol.c due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. - A flaw exists in the TDBTBM::ResetDB() function in tabtbl.cpp that is triggered when sorting a TBL table with a thread set to
    last seen2020-06-01
    modified2020-06-02
    plugin id91765
    published2016-06-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91765
    titleMariaDB 10.0.x < 10.0.25 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_7_13.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501, CVE-2016-3518) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-3452) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459, CVE-2016-5436) - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477) - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486) - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to impact integrity and confidentiality. (CVE-2016-3588) - Multiple unspecified flaws exist in the Security: Encryption subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3614, CVE-2016-5442) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615) - An unspecified flaw exists in the Log subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5437) - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5439) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5441) - An unspecified flaw exists in the Connection subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-5443) - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444) - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288) - Multiple flaws exist in InnoDB that are triggered when handling specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id91997
    published2016-07-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91997
    titleMySQL 5.7.x < 5.7.13 Multiple Vulnerabilities

Redhat

advisories
  • bugzilla
    id1358223
    titleCVE-2016-5444 mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentmariadb is earlier than 1:5.5.50-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20161602001
          • commentmariadb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702002
        • AND
          • commentmariadb-libs is earlier than 1:5.5.50-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20161602003
          • commentmariadb-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702004
        • AND
          • commentmariadb-server is earlier than 1:5.5.50-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20161602005
          • commentmariadb-server is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702010
        • AND
          • commentmariadb-devel is earlier than 1:5.5.50-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20161602007
          • commentmariadb-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702012
        • AND
          • commentmariadb-test is earlier than 1:5.5.50-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20161602009
          • commentmariadb-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702008
        • AND
          • commentmariadb-embedded is earlier than 1:5.5.50-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20161602011
          • commentmariadb-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702016
        • AND
          • commentmariadb-bench is earlier than 1:5.5.50-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20161602013
          • commentmariadb-bench is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702006
        • AND
          • commentmariadb-embedded-devel is earlier than 1:5.5.50-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20161602015
          • commentmariadb-embedded-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702014
    rhsa
    idRHSA-2016:1602
    released2016-08-11
    severityImportant
    titleRHSA-2016:1602: mariadb security update (Important)
  • rhsa
    idRHSA-2016:0705
  • rhsa
    idRHSA-2016:1132
  • rhsa
    idRHSA-2016:1480
  • rhsa
    idRHSA-2016:1481
rpms
  • rh-mysql56-mysql-0:5.6.30-1.el6
  • rh-mysql56-mysql-0:5.6.30-1.el7
  • rh-mysql56-mysql-bench-0:5.6.30-1.el6
  • rh-mysql56-mysql-bench-0:5.6.30-1.el7
  • rh-mysql56-mysql-common-0:5.6.30-1.el6
  • rh-mysql56-mysql-common-0:5.6.30-1.el7
  • rh-mysql56-mysql-config-0:5.6.30-1.el6
  • rh-mysql56-mysql-config-0:5.6.30-1.el7
  • rh-mysql56-mysql-debuginfo-0:5.6.30-1.el6
  • rh-mysql56-mysql-debuginfo-0:5.6.30-1.el7
  • rh-mysql56-mysql-devel-0:5.6.30-1.el6
  • rh-mysql56-mysql-devel-0:5.6.30-1.el7
  • rh-mysql56-mysql-errmsg-0:5.6.30-1.el6
  • rh-mysql56-mysql-errmsg-0:5.6.30-1.el7
  • rh-mysql56-mysql-server-0:5.6.30-1.el6
  • rh-mysql56-mysql-server-0:5.6.30-1.el7
  • rh-mysql56-mysql-test-0:5.6.30-1.el6
  • rh-mysql56-mysql-test-0:5.6.30-1.el7
  • rh-mariadb100-mariadb-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-bench-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-bench-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-common-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-common-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-config-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-config-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-debuginfo-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-debuginfo-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-devel-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-devel-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-errmsg-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-errmsg-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-server-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-server-1:10.0.25-4.el7
  • rh-mariadb100-mariadb-test-1:10.0.25-4.el6
  • rh-mariadb100-mariadb-test-1:10.0.25-4.el7
  • mysql55-mysql-0:5.5.50-1.el6
  • mysql55-mysql-0:5.5.50-1.el7
  • mysql55-mysql-bench-0:5.5.50-1.el6
  • mysql55-mysql-bench-0:5.5.50-1.el7
  • mysql55-mysql-debuginfo-0:5.5.50-1.el6
  • mysql55-mysql-debuginfo-0:5.5.50-1.el7
  • mysql55-mysql-devel-0:5.5.50-1.el6
  • mysql55-mysql-devel-0:5.5.50-1.el7
  • mysql55-mysql-libs-0:5.5.50-1.el6
  • mysql55-mysql-libs-0:5.5.50-1.el7
  • mysql55-mysql-server-0:5.5.50-1.el6
  • mysql55-mysql-server-0:5.5.50-1.el7
  • mysql55-mysql-test-0:5.5.50-1.el6
  • mysql55-mysql-test-0:5.5.50-1.el7
  • mariadb55-mariadb-0:5.5.49-1.el6
  • mariadb55-mariadb-0:5.5.49-1.el7
  • mariadb55-mariadb-bench-0:5.5.49-1.el6
  • mariadb55-mariadb-bench-0:5.5.49-1.el7
  • mariadb55-mariadb-debuginfo-0:5.5.49-1.el6
  • mariadb55-mariadb-debuginfo-0:5.5.49-1.el7
  • mariadb55-mariadb-devel-0:5.5.49-1.el6
  • mariadb55-mariadb-devel-0:5.5.49-1.el7
  • mariadb55-mariadb-libs-0:5.5.49-1.el6
  • mariadb55-mariadb-libs-0:5.5.49-1.el7
  • mariadb55-mariadb-server-0:5.5.49-1.el6
  • mariadb55-mariadb-server-0:5.5.49-1.el7
  • mariadb55-mariadb-test-0:5.5.49-1.el6
  • mariadb55-mariadb-test-0:5.5.49-1.el7
  • mariadb-1:5.5.50-1.el7_2
  • mariadb-bench-1:5.5.50-1.el7_2
  • mariadb-debuginfo-1:5.5.50-1.el7_2
  • mariadb-devel-1:5.5.50-1.el7_2
  • mariadb-embedded-1:5.5.50-1.el7_2
  • mariadb-embedded-devel-1:5.5.50-1.el7_2
  • mariadb-libs-1:5.5.50-1.el7_2
  • mariadb-server-1:5.5.50-1.el7_2
  • mariadb-test-1:5.5.50-1.el7_2