Vulnerabilities > CVE-2016-5612

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
oracle
mariadb
redhat
nessus

Summary

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Vulnerable Configurations

Part Description Count
Application
Oracle
102
Application
Mariadb
48
OS
Redhat
15

Nessus

  • NASL familyDatabases
    NASL idMYSQL_5_7_14.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5628) - An unspecified flaw exists in the Memcached subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5631) - Multiple unspecified flaws exist in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5633, CVE-2016-8290) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5634) - An unspecified flaw exists in the Security: Audit subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5635) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - An unspecified flaw exists in the Replication subcomponent that allows a authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8287) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-8289) - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. - A denial of service vulnerability exists in InnoDB when handling ALTER TABLE operations on tables that have an indexed virtual column. An authenticated, remote attacker can exploit this to cause an assertion failure, resulting in a server crash. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id93004
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93004
    titleMySQL 5.7.x < 5.7.14 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93004);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/14");
    
      script_cve_id(
        "CVE-2016-3495",
        "CVE-2016-5612",
        "CVE-2016-5627",
        "CVE-2016-5628",
        "CVE-2016-5630",
        "CVE-2016-5631",
        "CVE-2016-5633",
        "CVE-2016-5634",
        "CVE-2016-5635",
        "CVE-2016-8284",
        "CVE-2016-8287",
        "CVE-2016-8289",
        "CVE-2016-8290"
      );
      script_bugtraq_id(
        93630,
        93642,
        93662,
        93670,
        93674,
        93684,
        93702,
        93709,
        93715,
        93720,
        93727,
        93733,
        93755
      );
    
      script_name(english:"MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of MySQL server.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL running on the remote host is 5.7.x prior to
    5.7.14. It is, therefore, affected by multiple vulnerabilities :
    
      - Multiple unspecified flaws exist in the InnoDB
        subcomponent that allow an authenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630)
    
      - An unspecified flaw exists in the DML subcomponent that
        allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-5612)
    
      - An unspecified flaw exists in the DML subcomponent that
        allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-5628)
    
      - An unspecified flaw exists in the Memcached
        subcomponent that allows an authenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2016-5631)
    
      - Multiple unspecified flaws exist in the Performance
        Schema subcomponent that allows an authenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2016-5633, CVE-2016-8290)
    
      - An unspecified flaw exists in the RBR subcomponent that
        allows an authenticated, remote attacker to cause a
        denial of service condition. (CVE-2016-5634)
    
      - An unspecified flaw exists in the Security: Audit
        subcomponent that allows an authenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2016-5635)
    
      - An unspecified flaw exists in the Replication
        subcomponent that allows a local attacker to cause a
        denial of service condition. (CVE-2016-8284)
    
      - An unspecified flaw exists in the Replication
        subcomponent that allows a authenticated, remote
        attacker to cause a denial of service condition.
        (CVE-2016-8287)
    
      - An unspecified flaw exists in the InnoDB subcomponent
        that allows a local attacker to impact integrity and
        availability. (CVE-2016-8289)
    
      - A denial of service vulnerability exists in InnoDB when
        selecting full-text index information schema tables for
        a deleted table. An authenticated, remote attacker can
        exploit this to cause a segmentation fault.
    
      - A denial of service vulnerability exists in InnoDB when
        handling ALTER TABLE operations on tables that have an
        indexed virtual column. An authenticated, remote
        attacker can exploit this to cause an assertion failure,
        resulting in a server crash.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
      script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MySQL version 5.7.14 or later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-8289");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/17");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    
    mysql_check_version(fixed:'5.7.14', min:'5.7', severity:SECURITY_NOTE);
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2595.NASL
    descriptionAn update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.52). (BZ#1304516, BZ#1377974) Security Fix(es) : * It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) * A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663) * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id95341
    published2016-11-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95341
    titleCentOS 7 : mariadb (CESA-2016:2595)
  • NASL familyDatabases
    NASL idMYSQL_5_7_14_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5628) - An unspecified flaw exists in the Memcached subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5631) - Multiple unspecified flaws exist in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5633, CVE-2016-8290) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5634) - An unspecified flaw exists in the Security: Audit subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5635) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - An unspecified flaw exists in the Replication subcomponent that allows a authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8287) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-8289) - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. - A denial of service vulnerability exists in InnoDB when handling ALTER TABLE operations on tables that have an indexed virtual column. An authenticated, remote attacker can exploit this to cause an assertion failure, resulting in a server crash. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2016-08-17
    plugin id93005
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93005
    titleMySQL 5.7.x < 5.7.14 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_6_32.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit. - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id93002
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93002
    titleMySQL 5.6.x < 5.6.32 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_6_32_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit. - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2016-08-17
    plugin id93003
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93003
    titleMySQL 5.6.x < 5.6.32 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1289.NASL
    descriptionmysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append
    last seen2020-06-05
    modified2016-11-14
    plugin id94756
    published2016-11-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94756
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2016-1289)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1274.NASL
    descriptionThis update for mariadb to 10.0.27 fixes the following issues : - release notes : - https://kb.askmonty.org/en/mariadb-10027-release-notes - https://kb.askmonty.org/en/mariadb-10026-release-notes - changelog : - https://kb.askmonty.org/en/mariadb-10027-changelog - https://kb.askmonty.org/en/mariadb-10026-changelog - fixed CVE
    last seen2020-06-05
    modified2016-11-09
    plugin id94649
    published2016-11-09
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94649
    titleopenSUSE Security Update : mariadb (openSUSE-2016-1274)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161103_MARIADB_ON_SL7_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: mariadb (5.5.52). Security Fix(es) : - It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) - A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663) (CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283) Additional Changes :
    last seen2020-03-18
    modified2016-12-15
    plugin id95847
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95847
    titleScientific Linux Security Update : mariadb on SL7.x x86_64 (20161103)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2595.NASL
    descriptionAn update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.52). (BZ#1304516, BZ#1377974) Security Fix(es) : * It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) * A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663) * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id94558
    published2016-11-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94558
    titleRHEL 7 : mariadb (RHSA-2016:2595)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1554.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.(CVE-2016-0643) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.(CVE-2016-0608) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.(CVE-2016-0644) - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.(CVE-2014-6507) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.(CVE-2016-0646) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.(CVE-2016-0600) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.(CVE-2016-0597) - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.(CVE-2014-0001) - Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.(CVE-2016-0648) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.(CVE-2016-0596) - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.(CVE-2016-0616) - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.(CVE-2016-0649) - It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the
    last seen2020-06-01
    modified2020-06-02
    plugin id125007
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125007
    titleEulerOS Virtualization 3.0.1.0 : mariadb (EulerOS-SA-2019-1554)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-01 (MariaDB and MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. Impact : Attackers could execute arbitrary code, escalate privileges, and impact availability via unspecified vectors. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96232
    published2017-01-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96232
    titleGLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_5_51.NASL
    descriptionThe version of MySQL running on the remote host is 5.5.x prior to 5.5.51. It is, therefore, affected by multiple denial of service vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id93000
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93000
    titleMySQL 5.5.x < 5.5.51 Multiple DoS
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1062.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.(CVE-2016-3492) - Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.(CVE-2016-5612) - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: MyISAM.(CVE-2016-5616i1/4%0 - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.i1/4^CVE-2016-5624i1/4%0 - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.i1/4^CVE-2016-5626i1/4%0 - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.i1/4^CVE-2016-5629i1/4%0 - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15 MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17 and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.i1/4^CVE-2016-6662i1/4%0 - A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user.i1/4^CVE-2016-6663i1/4%0 - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.i1/4^CVE-2016-8283i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99824
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99824
    titleEulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1062)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2595.NASL
    descriptionFrom Red Hat Security Advisory 2016:2595 : An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb (5.5.52). (BZ#1304516, BZ#1377974) Security Fix(es) : * It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662) * A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663) * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id94715
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94715
    titleOracle Linux 7 : mariadb (ELSA-2016-2595)
  • NASL familyDatabases
    NASL idMYSQL_5_5_51_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.5.x prior to 5.5.51. It is, therefore, affected by the multiple denial of service vulnerabilities: - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2016-08-17
    plugin id93001
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93001
    titleMySQL 5.5.x < 5.5.51 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1283.NASL
    descriptionmysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append
    last seen2020-06-05
    modified2016-11-11
    plugin id94694
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94694
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2016-1283)

Redhat

advisories
  • rhsa
    idRHSA-2016:1601
  • rhsa
    idRHSA-2016:2130
  • rhsa
    idRHSA-2016:2131
  • rhsa
    idRHSA-2016:2595
  • rhsa
    idRHSA-2016:2927
rpms
  • rh-mysql56-mysql-0:5.6.32-1.el6
  • rh-mysql56-mysql-0:5.6.32-1.el7
  • rh-mysql56-mysql-bench-0:5.6.32-1.el6
  • rh-mysql56-mysql-bench-0:5.6.32-1.el7
  • rh-mysql56-mysql-common-0:5.6.32-1.el6
  • rh-mysql56-mysql-common-0:5.6.32-1.el7
  • rh-mysql56-mysql-config-0:5.6.32-1.el6
  • rh-mysql56-mysql-config-0:5.6.32-1.el7
  • rh-mysql56-mysql-debuginfo-0:5.6.32-1.el6
  • rh-mysql56-mysql-debuginfo-0:5.6.32-1.el7
  • rh-mysql56-mysql-devel-0:5.6.32-1.el6
  • rh-mysql56-mysql-devel-0:5.6.32-1.el7
  • rh-mysql56-mysql-errmsg-0:5.6.32-1.el6
  • rh-mysql56-mysql-errmsg-0:5.6.32-1.el7
  • rh-mysql56-mysql-server-0:5.6.32-1.el6
  • rh-mysql56-mysql-server-0:5.6.32-1.el7
  • rh-mysql56-mysql-test-0:5.6.32-1.el6
  • rh-mysql56-mysql-test-0:5.6.32-1.el7
  • mysql55-mysql-0:5.5.52-1.el6
  • mysql55-mysql-0:5.5.52-1.el7
  • mysql55-mysql-bench-0:5.5.52-1.el6
  • mysql55-mysql-bench-0:5.5.52-1.el7
  • mysql55-mysql-debuginfo-0:5.5.52-1.el6
  • mysql55-mysql-debuginfo-0:5.5.52-1.el7
  • mysql55-mysql-devel-0:5.5.52-1.el6
  • mysql55-mysql-devel-0:5.5.52-1.el7
  • mysql55-mysql-libs-0:5.5.52-1.el6
  • mysql55-mysql-libs-0:5.5.52-1.el7
  • mysql55-mysql-server-0:5.5.52-1.el6
  • mysql55-mysql-server-0:5.5.52-1.el7
  • mysql55-mysql-test-0:5.5.52-1.el6
  • mysql55-mysql-test-0:5.5.52-1.el7
  • mariadb55-mariadb-0:5.5.53-1.el6
  • mariadb55-mariadb-0:5.5.53-1.el7
  • mariadb55-mariadb-bench-0:5.5.53-1.el6
  • mariadb55-mariadb-bench-0:5.5.53-1.el7
  • mariadb55-mariadb-debuginfo-0:5.5.53-1.el6
  • mariadb55-mariadb-debuginfo-0:5.5.53-1.el7
  • mariadb55-mariadb-devel-0:5.5.53-1.el6
  • mariadb55-mariadb-devel-0:5.5.53-1.el7
  • mariadb55-mariadb-libs-0:5.5.53-1.el6
  • mariadb55-mariadb-libs-0:5.5.53-1.el7
  • mariadb55-mariadb-server-0:5.5.53-1.el6
  • mariadb55-mariadb-server-0:5.5.53-1.el7
  • mariadb55-mariadb-test-0:5.5.53-1.el6
  • mariadb55-mariadb-test-0:5.5.53-1.el7
  • mariadb-1:5.5.52-1.el7
  • mariadb-bench-1:5.5.52-1.el7
  • mariadb-debuginfo-1:5.5.52-1.el7
  • mariadb-devel-1:5.5.52-1.el7
  • mariadb-embedded-1:5.5.52-1.el7
  • mariadb-embedded-devel-1:5.5.52-1.el7
  • mariadb-libs-1:5.5.52-1.el7
  • mariadb-server-1:5.5.52-1.el7
  • mariadb-test-1:5.5.52-1.el7
  • rh-mariadb100-mariadb-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-bench-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-bench-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-common-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-common-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-config-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-config-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-debuginfo-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-debuginfo-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-devel-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-devel-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-errmsg-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-errmsg-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-server-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-server-1:10.0.28-5.el7
  • rh-mariadb100-mariadb-test-1:10.0.28-5.el6
  • rh-mariadb100-mariadb-test-1:10.0.28-5.el7