CVE-2016-5541 - Unspecified vulnerability in Oracle MySQL Cluster
Summary
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts).
Nessus
- NASL family: Databases
- NASL id: MYSQL_CLUSTER_7_2_27.NASL
- description: The version of MySQL Cluster running on the remote host is 7.2.x prior to 7.2.27. It is, therefore, affected by an overflow condition in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to update, insert, or delete arbitrary data.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 96725
- published: 2017-01-24
- reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/96725
- title: MySQL Cluster 7.2.x < 7.2.27 NDBAPI Subcomponent Buffer Overflow (January 2017 CPU)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(96725);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id("CVE-2016-5541");
  script_bugtraq_id(95592);

  script_name(english:"MySQL Cluster 7.2.x < 7.2.27 NDBAPI Subcomponent Buffer Overflow (January 2017 CPU)");
  script_summary(english:"Checks the MySQL Cluster version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by a buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL Cluster running on the remote host is 7.2.x prior to 7.2.27.
It is, therefore, affected by an overflow condition in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to update, insert, or delete arbitrary data.");
  # https://dev.mysql.com/doc/relnotes/mysql-cluster/7.2/en/mysql-cluster-news-7-2-27.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2c948f94");
  # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1c38e52");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL Cluster version 7.2.27 or later as referenced in the January 2017 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5541");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/24");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql_cluster");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(variant:'Cluster', fixed:'7.2.27', min:'7.2', severity:SECURITY_WARNING);
```

- NASL family: Databases
- NASL id: MYSQL_CLUSTER_7_3_15.NASL
- description: The version of MySQL Cluster running on the remote host is 7.3.x prior to 7.3.15. It is, therefore, affected by multiple vulnerabilities :
  - An overflow condition exists in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to update, insert, or delete arbitrary data. (CVE-2016-5541)
  - An overflow condition exists in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3322)
  - An unspecified flaw exists in the General subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3323)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 96726
- published: 2017-01-24
- reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/96726
- title: MySQL Cluster 7.3.x < 7.3.15 Multiple Vulnerabilities (January 2017 CPU)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(96726);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id("CVE-2016-5541", "CVE-2017-3322", "CVE-2017-3323");
  script_bugtraq_id(95574, 95575, 95592);

  script_name(english:"MySQL Cluster 7.3.x < 7.3.15 Multiple Vulnerabilities (January 2017 CPU)");
  script_summary(english:"Checks the MySQL Cluster version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL Cluster running on the remote host is 7.3.x prior to 7.3.15. It is, therefore, affected by multiple vulnerabilities :

  - An overflow condition exists in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to update, insert, or delete arbitrary data. (CVE-2016-5541)

  - An overflow condition exists in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3322)

  - An unspecified flaw exists in the General subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3323)");
  # https://dev.mysql.com/doc/relnotes/mysql-cluster/7.3/en/mysql-cluster-news-7-3-15.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?27ecedfe");
  # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1c38e52");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL Cluster version 7.3.15 or later as referenced in the January 2017 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5541");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/24");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql_cluster");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(variant:'Cluster', fixed:'7.3.15', min:'7.3', severity:SECURITY_WARNING);
```

- NASL family: Databases
- NASL id: MYSQL_CLUSTER_7_4_13.NASL
- description: The version of MySQL Cluster running on the remote host is 7.4.x prior to 7.4.13. It is, therefore, affected by multiple vulnerabilities :
  - An overflow condition exists in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to update, insert, or delete arbitrary data. (CVE-2016-5541)
  - An overflow condition exists in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3322)
  - An unspecified flaw exists in the General subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3323)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 96728
- published: 2017-01-24
- reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/96728
- title: MySQL Cluster 7.4.x < 7.4.13 Multiple Vulnerabilities (January 2017 CPU)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(96728);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id("CVE-2016-5541", "CVE-2017-3322", "CVE-2017-3323");
  script_bugtraq_id(95574, 95575, 95592);

  script_name(english:"MySQL Cluster 7.4.x < 7.4.13 Multiple Vulnerabilities (January 2017 CPU)");
  script_summary(english:"Checks the MySQL Cluster version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL Cluster running on the remote host is 7.4.x prior to 7.4.13. It is, therefore, affected by multiple vulnerabilities :

  - An overflow condition exists in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to update, insert, or delete arbitrary data. (CVE-2016-5541)

  - An overflow condition exists in the NDBAPI subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3322)

  - An unspecified flaw exists in the General subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3323)");
  # https://dev.mysql.com/doc/relnotes/mysql-cluster/7.4/en/mysql-cluster-news-7-4-13.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0fbd72e");
  # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1c38e52");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL Cluster version 7.4.13 or later as referenced in the January 2017 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5541");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/24");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql_cluster");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(variant:'Cluster', fixed:'7.4.13', min:'7.4', severity:SECURITY_WARNING);
```

References
- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
- http://www.securityfocus.com/bid/95592
- http://www.securitytracker.com/id/1037640
- https://twitter.com/NicolasLemonias/status/821954512168648705
- https://www.docdroid.net/o2uVeg4/cve2016554.pdf.html