Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_6_31.NASL
HistoryJul 20, 2016 - 12:00 a.m.

MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities

2016-07-2000:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
95
JSON

The version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities :

  • A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)

  • An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.
    (CVE-2016-3452)

  • An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459)

  • An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471)

  • An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477)

  • An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486)

  • An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3501)

  • An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521)

  • An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2016-3614)

  • An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615)

  • An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2016-5439)

  • An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440)

  • An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.
    (CVE-2016-5444)

  • An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288)

  • Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.

  • A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.

  • An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • An unspecified flaw exists that is triggered when handling a ‘SELECT … GROUP BY … FOR UPDATE’ query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(91995);
  script_version("1.16");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id(
    "CVE-2016-2105",
    "CVE-2016-3452",
    "CVE-2016-3459",
    "CVE-2016-3471",
    "CVE-2016-3477",
    "CVE-2016-3486",
    "CVE-2016-3501",
    "CVE-2016-3521",
    "CVE-2016-3614",
    "CVE-2016-3615",
    "CVE-2016-5439",
    "CVE-2016-5440",
    "CVE-2016-5444",
    "CVE-2016-8288"
  );
  script_bugtraq_id(
    89757,
    91902,
    91913,
    91932,
    91943,
    91949,
    91953,
    91960,
    91969,
    91980,
    91987,
    91992,
    91999,
    93740
  );

  script_name(english:"MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.6.x prior to
5.6.31. It is, therefore, affected by multiple vulnerabilities :

  - A heap buffer overflow condition exists in the
    EVP_EncodeUpdate() function within file
    crypto/evp/encode.c that is triggered when handling
    a large amount of input data. An unauthenticated, remote
    attacker can exploit this to cause a denial of service
    condition. (CVE-2016-2105)

  - An unspecified flaw exists in the Security: Encryption
    subcomponent that allows an unauthenticated, remote
    attacker to disclose sensitive information.
    (CVE-2016-3452)

  - An unspecified flaw exists in the InnoDB subcomponent
    that allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-3459)

  - An unspecified flaw exists in the Options subcomponent
    that allows a local attacker to gain elevated
    privileges. (CVE-2016-3471)

  - An unspecified flaw exists in the Parser subcomponent
    that allows a local attacker to gain elevated
    privileges. (CVE-2016-3477)

  - An unspecified flaw exists in the FTS subcomponent that
    allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-3486)

  - An unspecified flaw exists in the Optimizer subcomponent
    that allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-3501)

  - An unspecified flaw exists in the Types subcomponent
    that allows an authenticated, remote attacker to cause
    a denial of service condition. (CVE-2016-3521)

  - An unspecified flaw exists in the Security: Encryption
    subcomponent that allows an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2016-3614)

  - An unspecified flaw exists in the DML subcomponent that
    allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-3615)

  - An unspecified flaw exists in the Privileges
    subcomponent that allows an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2016-5439)

  - An unspecified flaw exists in the RBR subcomponent that
    allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-5440)

  - An unspecified flaw exists in the Connection
    subcomponent that allows an unauthenticated, remote
    attacker to disclose sensitive information.
    (CVE-2016-5444)

  - An unspecified flaw exists in the InnoDB Plugin
    subcomponent that allows an authenticated, remote
    attacker to impact integrity. (CVE-2016-8288)

  - Multiple overflow conditions exist due to improper
    validation of user-supplied input. An authenticated,
    remote attacker can exploit these issues to cause a
    denial of service condition or the execution of
    arbitrary code.

  - A NULL pointer dereference flaw exists in a parser
    structure that is triggered during the validation of
    stored procedure names. An authenticated, remote
    attacker can exploit this to crash the database,
    resulting in a denial of service condition.

  - Multiple overflow conditions exist in the InnoDB
    memcached plugin due to improper validation of
    user-supplied input. An authenticated, remote attacker
    can exploit these issues to cause a denial of service
    condition or the execution of arbitrary code.

  - An unspecified flaw exists that is triggered when
    invoking Enterprise Encryption functions in multiple
    threads simultaneously or after creating and dropping
    them. An authenticated, remote attacker can exploit this
    to crash the database, resulting in a denial of service
    condition.

  - An unspecified flaw exists that is triggered when
    handling a 'SELECT ... GROUP BY ... FOR UPDATE' query
    executed with a loose index scan. An authenticated,
    remote attacker can exploit this to crash the database,
    resulting in a denial of service condition.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453b5f8c");
  # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.6.31 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3471");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/20");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(fixed:'5.6.31', min:'5.6', severity:SECURITY_HOLE);
VendorProductVersionCPE
oraclemysqlcpe:/a:oracle:mysql

References

Related

nessus 33
amazon 1
openvas 30
redhat 5
debian 5
mageia 1
osv 8
f5 6
kaspersky 1
freebsd 1
suse 4
ubuntu 1
centos 1
oraclelinux 1
ibm 1
redhatcve 14
cve 13
mariadbunix 7
ubuntucve 13
cvelist 14
prion 14
veracode 15
alpinelinux 7
debiancve 1
hackerone 1
openssl 1
nessus
nessus
Oracle MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities
2016-07-11 00:00:00
Amazon Linux AMI : mysql56 (ALAS-2016-737)
2016-08-18 00:00:00
MySQL 5.5.x < 5.5.50 Multiple Vulnerabilities (July 2016 CPU)
2016-07-20 00:00:00
amazon
amazon
Important: mysql56
2016-08-17 13:30:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-737)
2016-10-26 00:00:00
Oracle MySQL Server 5.6 <= 5.6.30 / 5.7 <= 5.7.12 Security Update (cpujul2016) - Linux
2016-07-21 00:00:00
Oracle MySQL Server 5.6 <= 5.6.30 / 5.7 <= 5.7.12 Security Update (cpujul2016) - Windows
2016-07-21 00:00:00
redhat
redhat
(RHSA-2016:1601) Important: rh-mysql56-mysql security update
2016-08-11 12:01:14
(RHSA-2016:1603) Important: mariadb55-mariadb security update
2016-08-11 12:05:47
(RHSA-2016:1637) Important: rh-mariadb101-mariadb security update
2016-08-18 18:22:02
debian
debian
[SECURITY] [DSA 3624-1] mysql-5.5 security update
2016-07-21 19:41:09
[SECURITY] [DSA 3632-1] mariadb-10.0 security update
2016-07-27 14:48:54
[SECURITY] [DSA 3624-1] mysql-5.5 security update
2016-07-21 19:41:09
mageia
mageia
Updated mariadb packages fix security vulnerability
2016-07-27 00:59:16
osv
osv
mysql-5.5 - security update
2016-07-29 00:00:00
CVE-2016-5444
2016-07-21 10:14:00
CVE-2016-5440
2016-07-21 10:14:00
f5
f5
SOL42204713 - Multiple MySQL vulnerabilities
2016-09-30 00:00:00
K42204713 : Multiple MySQL vulnerabilities
2016-09-30 00:00:00
K15922322 : MySQL vulnerability CVE-2016-8288
2016-11-21 00:00:00
kaspersky
kaspersky
KLA10847 Multiple vulnerabilities in Oracle MySQL
2016-07-19 00:00:00
freebsd
freebsd
MySQL -- Multiple vulnerabilities
2016-07-20 00:00:00
suse
suse
Security update for mysql (important)
2016-09-20 20:09:32
Security update for mysql-community-server (important)
2016-11-12 15:04:50
Security update for mariadb (important)
2016-11-08 18:07:29
ubuntu
ubuntu
MySQL vulnerabilities
2016-07-21 00:00:00
centos
centos
mariadb security update
2016-08-12 11:27:37
oraclelinux
oraclelinux
mariadb security update
2016-08-11 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in mariadb affect PowerKVM
2018-06-18 01:33:09
redhatcve
redhatcve
CVE-2016-8288
2016-10-19 09:47:22
CVE-2016-3486
2016-07-20 10:20:00
CVE-2016-3471
2016-07-20 10:19:17
cve
cve
CVE-2016-8288
2016-10-25 14:31:59
CVE-2016-3471
2016-07-21 10:12:25
CVE-2016-3486
2016-07-21 10:12:40
mariadbunix
mariadbunix
CVE-2016-3471
2016-07-21 10:12:00
CVE-2016-5444
2016-07-21 10:14:00
CVE-2016-3452
2016-07-21 10:12:00
ubuntucve
ubuntucve
CVE-2016-3471
2016-07-21 00:00:00
CVE-2016-8288
2016-10-25 00:00:00
CVE-2016-3486
2016-07-20 00:00:00
cvelist
cvelist
CVE-2016-3471
2016-07-21 10:00:00
CVE-2016-8288
2016-10-25 14:00:00
CVE-2016-3486
2016-07-21 10:00:00
prion
prion
Design/Logic Flaw
2016-10-25 14:31:00
Design/Logic Flaw
2016-07-21 10:12:00
Design/Logic Flaw
2016-07-21 10:12:00
veracode
veracode
Information Disclosure
2019-05-02 05:46:21
Denial Of Service (DOS)
2019-05-02 05:46:19
Denial Of Service
2019-05-02 05:46:19
alpinelinux
alpinelinux
CVE-2016-5444
2016-07-21 10:14:57
CVE-2016-5440
2016-07-21 10:14:53
CVE-2016-3452
2016-07-21 10:12:16
debiancve
debiancve
CVE-2016-2105
2016-05-05 01:59:01
hackerone
hackerone
Internet Bug Bounty: EVP_EncodeUpdate overflow (CVE-2016-2105)
2016-05-03 11:41:07
openssl
openssl
Vulnerability in OpenSSL CVE-2016-2105
2016-05-03 00:00:00
JSON
Related for MYSQL_5_6_31.NASL
nessus33amazon1openvas30redhat5debian5mageia1osv8f56kaspersky1freebsd1suse4ubuntu1centos1oraclelinux1ibm1redhatcve14cve13mariadbunix7ubuntucve13cvelist14prion14veracode15alpinelinux7debiancve1hackerone1openssl1