Lucene search
Copyright (C) 2017 Greenbone AGOPENVAS:1361412562310871752HistoryJan 25, 2017 - 12:00 a.m.
RedHat Update for mysql RHSA-2017:0184-01
2017-01-2500:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
24
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.871752");
script_version("2024-03-21T05:06:54+0000");
script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
script_tag(name:"creation_date", value:"2017-01-25 05:42:00 +0100 (Wed, 25 Jan 2017)");
script_cve_id("CVE-2016-5616", "CVE-2016-6662", "CVE-2016-6663");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-06-03 17:41:00 +0000 (Mon, 03 Jun 2019)");
script_tag(name:"qod_type", value:"package");
script_name("RedHat Update for mysql RHSA-2017:0184-01");
script_tag(name:"summary", value:"The remote host is missing an update for the 'mysql'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"MySQL is a multi-user, multi-threaded SQL
database server. It consists of the MySQL server daemon (mysqld) and many client
programs and libraries.
Security Fix(es):
* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database
user with FILE privileges, could possibly use this flaw to run arbitrary
commands with root privileges on the system running the database server.
(CVE-2016-6662)
* A race condition was found in the way MySQL performed MyISAM engine table
repair. A database user with shell access to the server running mysqld
could use this flaw to change permissions of arbitrary files writable by
the mysql system user. (CVE-2016-6663, CVE-2016-5616)");
script_tag(name:"affected", value:"mysql on
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_xref(name:"RHSA", value:"2017:0184-01");
script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2017-January/msg00042.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_6");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "RHENT_6")
{
if ((res = isrpmvuln(pkg:"mysql", rpm:"mysql~5.1.73~8.el6_8", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-bench", rpm:"mysql-bench~5.1.73~8.el6_8", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-debuginfo", rpm:"mysql-debuginfo~5.1.73~8.el6_8", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-devel", rpm:"mysql-devel~5.1.73~8.el6_8", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-libs", rpm:"mysql-libs~5.1.73~8.el6_8", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-server", rpm:"mysql-server~5.1.73~8.el6_8", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-test", rpm:"mysql-test~5.1.73~8.el6_8", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
nessus
nessus
RHEL 6 : mysql (RHSA-2017:0184)
2017-01-25 00:00:00
Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20170124)
2017-01-25 00:00:00
Amazon Linux AMI : mysql51 (ALAS-2017-800)
2017-02-23 00:00:00
amazon
amazon
Important: mysql51
2017-02-22 18:00:00
Important: mysql55, mysql56
2016-10-12 17:00:00
openvas
openvas
CentOS Update for mysql CESA-2017:0184 centos6
2017-01-27 00:00:00
RedHat Update for mariadb RHSA-2016:2595-02
2016-11-04 00:00:00
Slackware: Security Advisory (SSA:2016-257-01)
2022-04-21 00:00:00
redhat
redhat
(RHSA-2017:0184) Important: mysql security update
2017-01-24 10:49:30
(RHSA-2016:2060) Important: mariadb-galera security and bug fix update
2016-10-13 05:07:39
(RHSA-2016:2595) Important: mariadb security and bug fix update
2016-11-03 06:07:15
centos
centos
mysql security update
2017-01-26 22:35:43
mariadb security update
2016-11-25 16:00:08
oraclelinux
oraclelinux
mysql security update
2017-01-24 00:00:00
mariadb security and bug fix update
2016-11-09 00:00:00
exploitpack
exploitpack
archlinux
archlinux
mariadb: multiple issues
2016-09-14 00:00:00
cve
cve
ubuntucve
ubuntucve
CVE-2016-6663
2016-12-13 00:00:00
CVE-2016-6662
2016-09-12 00:00:00
nvd
nvd
redhatcve
redhatcve
CVE-2016-6663
2016-12-15 20:18:51
CVE-2016-6662
2016-12-15 20:18:44
threatpost
threatpost
Critical MySQL Vulnerability Disclosed
2016-09-12 11:00:58
Critical MySQL Vulnerabilities Can Lead to Server Compromise
2016-11-02 14:02:10
thn
thn
New MySQL Zero Days — Hacking Website Databases
2016-09-12 06:14:00
Why Database Patching Best Practice Just Doesn't Work and How to Fix It
2021-10-18 16:00:00
mariadbunix
mariadbunix
prion
prion
Design/Logic Flaw
2016-10-25 14:31:00
Design/Logic Flaw
2016-09-20 18:59:00
Race condition
2016-12-13 21:59:00
zdt
zdt
packetstorm
packetstorm
MySQL / MariaDB / PerconaDB Root Privilege Escalation
2016-11-02 00:00:00
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
2016-11-02 00:00:00
MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
2016-09-12 00:00:00
seebug
seebug
MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞(CVE-2016-6663)
2016-11-02 00:00:00
MySQL <= 5.7.15 remote Root code execution vulnerability
2016-09-13 00:00:00
exploitdb
exploitdb
checkpoint_advisories
checkpoint_advisories
MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)
2016-09-20 00:00:00
f5
f5
SOL72255110 - MySQL vulnerability CVE-2016-6662
2016-09-26 00:00:00
K73828041 : MySQL vulnerability CVE-2016-6663
2017-02-03 00:00:00
K13201415 : MySQL vulnerability CVE-2016-5616
2016-11-21 00:00:00
slackware
slackware
[slackware-security] mariadb / mysql
2016-09-13 20:15:07
[slackware-security] mariadb
2016-11-01 03:40:41
osv
osv
mysql-5.5 - security update
2016-09-16 00:00:00
CVE-2017-15365
2018-01-25 16:29:00
CVE-2020-10996
2020-04-27 13:15:12
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:13:35
Privilege Escalation
2019-05-02 05:51:01
Privilege Escalation
2019-01-15 09:15:26
debian
debian
[SECURITY] [DLA 624-1] mysql-5.5 security update
2016-09-16 15:37:59
[SECURITY] [DSA 3666-1] mysql-5.5 security update
2016-09-14 15:13:34
[SECURITY] [DSA 3666-1] mysql-5.5 security update
2016-09-14 15:13:34
suse
suse
Security update for mariadb (important)
2016-09-27 21:12:05
Security update for mariadb (important)
2016-10-04 17:09:01
Security update for mariadb (important)
2016-09-27 19:14:25
cvelist
cvelist
ibm
ibm
freebsd
freebsd
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
2016-09-12 00:00:00
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
2016-09-12 00:00:00
mysql -- Remote Root Code Execution
2016-09-12 00:00:00
ubuntu
ubuntu
MySQL vulnerability
2016-09-13 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: mariadb-10.0.27-1.fc23
2016-10-03 20:22:41
[SECURITY] Fedora 24 Update: community-mysql-5.7.15-1.fc24
2016-09-27 03:57:17
[SECURITY] Fedora 24 Update: community-mysql-5.7.17-1.fc24
2016-12-27 22:49:07
alpinelinux
alpinelinux
CVE-2016-6662
2016-09-20 18:59:00
cloudfoundry
cloudfoundry
CVE-2016-6662 - Multiple MySQL Vulnerabilities | Cloud Foundry
2016-09-28 00:00:00
myhack58
myhack58
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.18-alt1
2016-10-25 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2016-11-10 00:43:03
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.1%
Related for OPENVAS:1361412562310871752