Lucene search

K
archlinuxArch LinuxASA-201609-10
HistorySep 14, 2016 - 12:00 a.m.

mariadb: multiple issues

2016-09-1400:00:00
Arch Linux
lists.archlinux.org
40

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

74.0%

  • CVE-2016-6662 (arbitrary code execution)

Researcher Dawid Golunski discovered several security issues in the
mariadb DBMS, including a vulnerability flaw that can be exploited by a
remote attacker to inject malicious settings into my.cnf configuration
files. The flaw can be triggered to fully compromise the DBMS by
executing arbitrary code with root privileges if mysqld_safe is
executed.

  • CVE-2016-6663 (access restriction bypass)

In the past mariadb used to read the main configuration file from three
different locations. One of them (the datadir) is unsafe because it’s
writeable by the sql-server. This way a remote attacker who could gain
access to the sql-server could deploy a maliciously crafted
configuration file.

OSVersionArchitecturePackageVersionFilename
anyanyanymariadb<Β 10.1.17-1UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

74.0%