mysql -- Remote Root Code Execution

2016-09-1200:00:00

vuxml.freebsd.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.8%

JSON

Dawid Golunski reports:

An independent research has revealed multiple severe MySQL
vulnerabilities. This advisory focuses on a critical
vulnerability with a CVEID of CVE-2016-6662 which can allow
attackers to (remotely) inject malicious settings into MySQL
configuration files (my.cnf) leading to critical
consequences.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmariadb55-server< 5.5.51UNKNOWN
FreeBSDanynoarchmariadb100-server< 10.0.27UNKNOWN
FreeBSDanynoarchmariadb101-server< 10.1.17UNKNOWN
FreeBSDanynoarchmysql55-server< 5.5.52UNKNOWN
FreeBSDanynoarchmysql56-server< 5.6.33UNKNOWN
FreeBSDanynoarchmysql57-server< 5.7.15UNKNOWN
FreeBSDanynoarchpercona55-server< 5.5.51.38.1UNKNOWN
FreeBSDanynoarchpercona56-server< 5.6.32.78.0UNKNOWN
FreeBSDanynoarchpercona57-server< 5.7.14.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	mariadb55-server	< 5.5.51	UNKNOWN
FreeBSD	any	noarch	mariadb100-server	< 10.0.27	UNKNOWN
FreeBSD	any	noarch	mariadb101-server	< 10.1.17	UNKNOWN
FreeBSD	any	noarch	mysql55-server	< 5.5.52	UNKNOWN
FreeBSD	any	noarch	mysql56-server	< 5.6.33	UNKNOWN
FreeBSD	any	noarch	mysql57-server	< 5.7.15	UNKNOWN
FreeBSD	any	noarch	percona55-server	< 5.5.51.38.1	UNKNOWN
FreeBSD	any	noarch	percona56-server	< 5.6.32.78.0	UNKNOWN
FreeBSD	any	noarch	percona57-server	< 5.7.14.7	UNKNOWN