Fedora 24 : community-mysql (2016-0901301dff)

🗓️ 27 Sep 2016 00:00:00Reported by TenableType

Update to MySQL 5.7.15, Security fix for CVE-2016-6662. The remote Fedora host is missing a security update

Reporter	Title	Published	Views	Family All 368
IBM Security Bulletins	Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)	8 Dec 201804:55	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in mariadb affect PowerKVM	18 Jun 201801:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (CVE-2016-6662)	16 Jun 201821:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance	19 Jul 202000:49	–	ibm
0day.today	MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation	12 Sep 201600:00	–	zdt
0day.today	MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition	2 Nov 201600:00	–	zdt
0day.today	MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation Vulnerability	2 Nov 201600:00	–	zdt
RedHat Linux	CVE-2016-6662	13 Mar 201813:45	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: mariadb-galera security update	13 Oct 201619:35	–	redhat
RedHat Linux	mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016)	13 Oct 201619:35	–	redhat

Source	Link
bodhi	www.bodhi.fedoraproject.org/updates/FEDORA-2016-0901301dff
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2016-0901301dff.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(93724);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/23");

  script_cve_id("CVE-2016-6662");
  script_xref(name:"FEDORA", value:"2016-0901301dff");

  script_name(english:"Fedora 24 : community-mysql (2016-0901301dff)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Update to MySQL 5.7.15, Security fix for CVE-2016-6662

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-0901301dff");
  script_set_attribute(attribute:"solution", value:
"Update the affected community-mysql package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6662");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC24", reference:"community-mysql-5.7.15-1.fc24")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
}

23 Jan 2026 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 39.8

CVSS 210

EPSS0.89577