Vulnerabilities > CVE-2016-5627 - Unspecified vulnerability in Oracle Mysql
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.
Vulnerable Configurations
Nessus
NASL family Databases NASL id MYSQL_5_7_14.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5628) - An unspecified flaw exists in the Memcached subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5631) - Multiple unspecified flaws exist in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5633, CVE-2016-8290) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5634) - An unspecified flaw exists in the Security: Audit subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5635) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - An unspecified flaw exists in the Replication subcomponent that allows a authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8287) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-8289) - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. - A denial of service vulnerability exists in InnoDB when handling ALTER TABLE operations on tables that have an indexed virtual column. An authenticated, remote attacker can exploit this to cause an assertion failure, resulting in a server crash. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 93004 published 2016-08-17 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93004 title MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(93004); script_version("1.12"); script_cvs_date("Date: 2019/11/14"); script_cve_id( "CVE-2016-3495", "CVE-2016-5612", "CVE-2016-5627", "CVE-2016-5628", "CVE-2016-5630", "CVE-2016-5631", "CVE-2016-5633", "CVE-2016-5634", "CVE-2016-5635", "CVE-2016-8284", "CVE-2016-8287", "CVE-2016-8289", "CVE-2016-8290" ); script_bugtraq_id( 93630, 93642, 93662, 93670, 93674, 93684, 93702, 93709, 93715, 93720, 93727, 93733, 93755 ); script_name(english:"MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities"); script_summary(english:"Checks the version of MySQL server."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5628) - An unspecified flaw exists in the Memcached subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5631) - Multiple unspecified flaws exist in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5633, CVE-2016-8290) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5634) - An unspecified flaw exists in the Security: Audit subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5635) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - An unspecified flaw exists in the Replication subcomponent that allows a authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8287) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-8289) - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. - A denial of service vulnerability exists in InnoDB when handling ALTER TABLE operations on tables that have an indexed virtual column. An authenticated, remote attacker can exploit this to cause an assertion failure, resulting in a server crash. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5"); script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 5.7.14 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-8289"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/17"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(fixed:'5.7.14', min:'5.7', severity:SECURITY_NOTE);
NASL family Databases NASL id MYSQL_5_7_14_RPM.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5628) - An unspecified flaw exists in the Memcached subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5631) - Multiple unspecified flaws exist in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5633, CVE-2016-8290) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5634) - An unspecified flaw exists in the Security: Audit subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5635) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - An unspecified flaw exists in the Replication subcomponent that allows a authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8287) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-8289) - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. - A denial of service vulnerability exists in InnoDB when handling ALTER TABLE operations on tables that have an indexed virtual column. An authenticated, remote attacker can exploit this to cause an assertion failure, resulting in a server crash. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-04 modified 2016-08-17 plugin id 93005 published 2016-08-17 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93005 title MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(93005); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03"); script_cve_id( "CVE-2016-3495", "CVE-2016-5612", "CVE-2016-5627", "CVE-2016-5628", "CVE-2016-5630", "CVE-2016-5631", "CVE-2016-5633", "CVE-2016-5634", "CVE-2016-5635", "CVE-2016-8284", "CVE-2016-8287", "CVE-2016-8289", "CVE-2016-8290" ); script_bugtraq_id( 93630, 93642, 93662, 93670, 93674, 93684, 93702, 93709, 93715, 93720, 93727, 93733, 93755 ); script_name(english:"MySQL 5.7.x < 5.7.14 Multiple Vulnerabilities"); script_summary(english:"Checks the version of MySQL server."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MySQL running on the remote host is 5.7.x prior to 5.7.14. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3495, CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5628) - An unspecified flaw exists in the Memcached subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5631) - Multiple unspecified flaws exist in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5633, CVE-2016-8290) - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5634) - An unspecified flaw exists in the Security: Audit subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5635) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - An unspecified flaw exists in the Replication subcomponent that allows a authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8287) - An unspecified flaw exists in the InnoDB subcomponent that allows a local attacker to impact integrity and availability. (CVE-2016-8289) - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. - A denial of service vulnerability exists in InnoDB when handling ALTER TABLE operations on tables that have an indexed virtual column. An authenticated, remote attacker can exploit this to cause an assertion failure, resulting in a server crash. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5"); script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html"); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453a538d"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 5.7.14 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-8289"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/17"); script_set_attribute(attribute:"agent", value:"unix"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled"); script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release"); exit(0); } include("mysql_version.inc"); fix_version = "5.7.14"; exists_version = "5.7"; mysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_NOTE);
NASL family Databases NASL id MYSQL_5_6_32.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit. - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 93002 published 2016-08-17 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93002 title MySQL 5.6.x < 5.6.32 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(93002); script_version("1.11"); script_cvs_date("Date: 2019/11/14"); script_cve_id( "CVE-2016-5612", "CVE-2016-5627", "CVE-2016-5630", "CVE-2016-8284" ); script_bugtraq_id( 93630, 93642, 93674, 93755 ); script_name(english:"MySQL 5.6.x < 5.6.32 Multiple Vulnerabilities"); script_summary(english:"Checks the version of MySQL server."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MySQL running on the remote host is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit. - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5"); script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 5.6.32 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5630"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/17"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mysql_version.nasl", "mysql_login.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/mysql", 3306); exit(0); } include("mysql_version.inc"); mysql_check_version(fixed:'5.6.32', min:'5.6', severity:SECURITY_WARNING);
NASL family Databases NASL id MYSQL_5_6_32_RPM.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit. - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-04 modified 2016-08-17 plugin id 93003 published 2016-08-17 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93003 title MySQL 5.6.x < 5.6.32 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(93003); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03"); script_cve_id( "CVE-2016-5612", "CVE-2016-5627", "CVE-2016-5630", "CVE-2016-8284" ); script_bugtraq_id( 93630, 93642, 93674, 93755 ); script_name(english:"MySQL 5.6.x < 5.6.32 Multiple Vulnerabilities"); script_summary(english:"Checks the version of MySQL server."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MySQL running on the remote host is 5.6.x prior to 5.6.32. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5612) - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5627, CVE-2016-5630) - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-8284) - A denial of service vulnerability exists in the NAME_CONST() function when handling certain unspecified arguments. An authenticated, remote attacker can exploit this to cause the server to exit. - A denial of service vulnerability exists in InnoDB when selecting full-text index information schema tables for a deleted table. An authenticated, remote attacker can exploit this to cause a segmentation fault. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5"); script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html"); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453a538d"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 5.6.32 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5630"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/17"); script_set_attribute(attribute:"agent", value:"unix"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled"); script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release"); exit(0); } include("mysql_version.inc"); fix_version = "5.6.32"; exists_version = "5.6"; mysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1289.NASL description mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append last seen 2020-06-05 modified 2016-11-14 plugin id 94756 published 2016-11-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94756 title openSUSE Security Update : mysql-community-server (openSUSE-2016-1289) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-1289. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(94756); script_version("2.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-2105", "CVE-2016-3459", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3492", "CVE-2016-3501", "CVE-2016-3521", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5507", "CVE-2016-5584", "CVE-2016-5609", "CVE-2016-5612", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5626", "CVE-2016-5627", "CVE-2016-5629", "CVE-2016-5630", "CVE-2016-6304", "CVE-2016-6662", "CVE-2016-7440", "CVE-2016-8283", "CVE-2016-8284", "CVE-2016-8288"); script_name(english:"openSUSE Security Update : mysql-community-server (openSUSE-2016-1289)"); script_summary(english:"Check for the openSUSE-2016-1289 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append '--ignore-db-dir=lost+found' to the mysqld options in 'mysql-systemd-helper' script if 'lost+found' directory is found in $datadir [boo#986251] - remove syslog.target from *.service files [boo#983938] - add systemd to deps to build on leap and friends - replace '%(_libexecdir)/systemd/system' with %(_unitdir) macro - remove useless [email protected] [boo#971456] - replace all occurrences of the string '@sysconfdir@' with '/etc' in mysql-community-server-5.6.3-logrotate.patch as it wasn't expanded properly [boo#990890] - remove '%define _rundir' as 13.1 is out of support scope - run 'usermod -g mysql mysql' only if mysql user is not in mysql group. Run 'usermod -s /bin/false/ mysql' only if mysql user doesn't have '/bin/false' shell set. - re-enable mysql profiling" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005555" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005557" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005560" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005561" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005563" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005567" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005569" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005570" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005581" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005582" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971456" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=977614" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=983938" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=986251" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989911" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989913" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989914" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989915" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989921" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989922" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989925" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989926" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=990890" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=998309" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999666" ); script_set_attribute( attribute:"solution", value:"Update the affected mysql-community-server packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client_r18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/05"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client18-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client18-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client_r18-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-bench-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-bench-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-client-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-client-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-debugsource-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-errormessages-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-test-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-test-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-tools-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-tools-debuginfo-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client18-32bit-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client18-debuginfo-32bit-5.6.34-19.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client_r18-32bit-5.6.34-19.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysql56client18-32bit / libmysql56client18 / etc"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-01.NASL description The remote host is affected by the vulnerability described in GLSA-201701-01 (MariaDB and MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. Impact : Attackers could execute arbitrary code, escalate privileges, and impact availability via unspecified vectors. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96232 published 2017-01-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96232 title GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201701-01. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(96232); script_version("3.3"); script_cvs_date("Date: 2019/06/04 9:45:00"); script_cve_id("CVE-2016-3492", "CVE-2016-3495", "CVE-2016-5507", "CVE-2016-5584", "CVE-2016-5609", "CVE-2016-5612", "CVE-2016-5625", "CVE-2016-5626", "CVE-2016-5627", "CVE-2016-5628", "CVE-2016-5629", "CVE-2016-5630", "CVE-2016-5631", "CVE-2016-5632", "CVE-2016-5633", "CVE-2016-5634", "CVE-2016-5635", "CVE-2016-6652", "CVE-2016-6662", "CVE-2016-8283", "CVE-2016-8284", "CVE-2016-8286", "CVE-2016-8287", "CVE-2016-8288", "CVE-2016-8289", "CVE-2016-8290"); script_xref(name:"GLSA", value:"201701-01"); script_name(english:"GLSA-201701-01 : MariaDB and MySQL: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201701-01 (MariaDB and MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. Impact : Attackers could execute arbitrary code, escalate privileges, and impact availability via unspecified vectors. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201701-01" ); script_set_attribute( attribute:"solution", value: "All MariaDB users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/mariadb-10.0.28' All MySQL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.6.34'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mariadb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mysql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/20"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-db/mariadb", unaffected:make_list("ge 10.0.28"), vulnerable:make_list("lt 10.0.28"))) flag++; if (qpkg_check(package:"dev-db/mysql", unaffected:make_list("ge 5.6.34"), vulnerable:make_list("lt 5.6.34"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MariaDB and MySQL"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1283.NASL description mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 31.html - fixed CVEs: CVE-2016-6304, CVE-2016-6662, CVE-2016-7440, CVE-2016-5584, CVE-2016-5617, CVE-2016-5616, CVE-2016-5626, CVE-2016-3492, CVE-2016-5629, CVE-2016-5507, CVE-2016-8283, CVE-2016-5609, CVE-2016-5612, CVE-2016-5627, CVE-2016-5630, CVE-2016-8284, CVE-2016-8288, CVE-2016-3477, CVE-2016-2105, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3615, CVE-2016-3614, CVE-2016-3459, CVE-2016-5439, CVE-2016-5440 - fixes SUSE Bugs: [boo#999666], [boo#998309], [boo#1005581], [boo#1005558], [boo#1005563], [boo#1005562], [boo#1005566], [boo#1005555], [boo#1005569], [boo#1005557], [boo#1005582], [boo#1005560], [boo#1005561], [boo#1005567], [boo#1005570], [boo#1005583], [boo#1005586], [boo#989913], [boo#977614], [boo#989914], [boo#989915], [boo#989919], [boo#989922], [boo#989921], [boo#989911], [boo#989925], [boo#989926] - append last seen 2020-06-05 modified 2016-11-11 plugin id 94694 published 2016-11-11 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94694 title openSUSE Security Update : mysql-community-server (openSUSE-2016-1283)
Redhat
advisories |
| ||||
rpms |
|
References
- http://rhn.redhat.com/errata/RHSA-2016-1601.html
- http://rhn.redhat.com/errata/RHSA-2016-1601.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/93642
- http://www.securityfocus.com/bid/93642
- http://www.securitytracker.com/id/1037050
- http://www.securitytracker.com/id/1037050
- https://security.gentoo.org/glsa/201701-01
- https://security.gentoo.org/glsa/201701-01