Lucene search
Copyright (C) 2017 Greenbone AGOPENVAS:1361412562310882643HistoryJan 27, 2017 - 12:00 a.m.
CentOS Update for mysql CESA-2017:0184 centos6
2017-01-2700:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
16
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.8%
Check the version of mysql
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.882643");
script_version("2023-07-12T05:05:04+0000");
script_tag(name:"last_modification", value:"2023-07-12 05:05:04 +0000 (Wed, 12 Jul 2023)");
script_tag(name:"creation_date", value:"2017-01-27 05:42:09 +0100 (Fri, 27 Jan 2017)");
script_cve_id("CVE-2016-5616", "CVE-2016-6662", "CVE-2016-6663");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-06-03 17:41:00 +0000 (Mon, 03 Jun 2019)");
script_tag(name:"qod_type", value:"package");
script_name("CentOS Update for mysql CESA-2017:0184 centos6");
script_tag(name:"summary", value:"Check the version of mysql");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"MySQL is a multi-user, multi-threaded
SQL database server. It consists of the MySQL server daemon (mysqld) and
many client programs and libraries.
Security Fix(es):
* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database
user with FILE privileges, could possibly use this flaw to run arbitrary
commands with root privileges on the system running the database server.
(CVE-2016-6662)
* A race condition was found in the way MySQL performed MyISAM engine table
repair. A database user with shell access to the server running mysqld
could use this flaw to change permissions of arbitrary files writable by
the mysql system user. (CVE-2016-6663, CVE-2016-5616)");
script_tag(name:"affected", value:"mysql on CentOS 6");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_xref(name:"CESA", value:"2017:0184");
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2017-January/022257.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"mysql", rpm:"mysql~5.1.73~8.el6_8", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-bench", rpm:"mysql-bench~5.1.73~8.el6_8", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-devel", rpm:"mysql-devel~5.1.73~8.el6_8", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-embedded", rpm:"mysql-embedded~5.1.73~8.el6_8", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-embedded-devel", rpm:"mysql-embedded-devel~5.1.73~8.el6_8", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-libs", rpm:"mysql-libs~5.1.73~8.el6_8", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-server", rpm:"mysql-server~5.1.73~8.el6_8", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"mysql-test", rpm:"mysql-test~5.1.73~8.el6_8", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
nessus
nessus
Scientific Linux Security Update : mysql on SL6.x i386/x86_64 (20170124)
2017-01-25 00:00:00
Amazon Linux AMI : mysql51 (ALAS-2017-800)
2017-02-23 00:00:00
openvas
openvas
RedHat Update for mysql RHSA-2017:0184-01
2017-01-25 00:00:00
RedHat Update for mariadb RHSA-2016:2595-02
2016-11-04 00:00:00
Slackware: Security Advisory (SSA:2016-257-01)
2022-04-21 00:00:00
oraclelinux
oraclelinux
mysql security update
2017-01-24 00:00:00
mariadb security and bug fix update
2016-11-09 00:00:00
redhat
redhat
(RHSA-2017:0184) Important: mysql security update
2017-01-24 10:49:30
(RHSA-2016:2060) Important: mariadb-galera security and bug fix update
2016-10-13 05:07:39
(RHSA-2016:2595) Important: mariadb security and bug fix update
2016-11-03 06:07:15
centos
centos
mysql security update
2017-01-26 22:35:43
mariadb security update
2016-11-25 16:00:08
amazon
amazon
Important: mysql51
2017-02-22 18:00:00
Important: mysql55, mysql56
2016-10-12 17:00:00
exploitpack
exploitpack
redhatcve
redhatcve
CVE-2016-6663
2016-12-15 20:18:51
CVE-2016-6662
2016-12-15 20:18:44
mariadbunix
mariadbunix
prion
prion
Design/Logic Flaw
2016-10-25 14:31:00
Race condition
2016-12-13 21:59:00
Design/Logic Flaw
2016-09-20 18:59:00
thn
thn
New MySQL Zero Days — Hacking Website Databases
2016-09-12 06:14:00
Why Database Patching Best Practice Just Doesn't Work and How to Fix It
2021-10-18 16:00:00
threatpost
threatpost
Critical MySQL Vulnerability Disclosed
2016-09-12 11:00:58
Critical MySQL Vulnerabilities Can Lead to Server Compromise
2016-11-02 14:02:10
ubuntucve
ubuntucve
CVE-2016-6663
2016-12-13 00:00:00
CVE-2016-6662
2016-09-12 00:00:00
cve
cve
zdt
zdt
archlinux
archlinux
mariadb: multiple issues
2016-09-14 00:00:00
packetstorm
packetstorm
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
2016-11-02 00:00:00
MySQL / MariaDB / PerconaDB Root Privilege Escalation
2016-11-02 00:00:00
MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
2016-09-12 00:00:00
seebug
seebug
MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞(CVE-2016-6663)
2016-11-02 00:00:00
MySQL <= 5.7.15 remote Root code execution vulnerability
2016-09-13 00:00:00
exploitdb
exploitdb
checkpoint_advisories
checkpoint_advisories
MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)
2016-09-20 00:00:00
f5
f5
SOL72255110 - MySQL vulnerability CVE-2016-6662
2016-09-26 00:00:00
K73828041 : MySQL vulnerability CVE-2016-6663
2017-02-03 00:00:00
K72255110 : MySQL vulnerability CVE-2016-6662
2016-09-26 00:00:00
suse
suse
Security update for mariadb (important)
2016-09-27 21:12:05
Security update for mariadb (important)
2016-09-27 19:14:25
Security update for mariadb (important)
2016-10-04 17:09:01
osv
osv
mysql-5.5 - security update
2016-09-16 00:00:00
CVE-2017-15365
2018-01-25 16:29:00
CVE-2020-10996
2020-04-27 13:15:12
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:13:35
Privilege Escalation
2019-05-02 05:51:01
Privilege Escalation
2019-01-15 09:15:26
debian
debian
[SECURITY] [DLA 624-1] mysql-5.5 security update
2016-09-16 15:37:59
[SECURITY] [DSA 3666-1] mysql-5.5 security update
2016-09-14 15:13:34
[SECURITY] [DSA 3666-1] mysql-5.5 security update
2016-09-14 15:13:34
slackware
slackware
[slackware-security] mariadb / mysql
2016-09-13 20:15:07
[slackware-security] mariadb
2016-11-01 03:40:41
ibm
ibm
fedora
fedora
[SECURITY] Fedora 24 Update: community-mysql-5.7.15-1.fc24
2016-09-27 03:57:17
[SECURITY] Fedora 23 Update: mariadb-10.0.27-1.fc23
2016-10-03 20:22:41
[SECURITY] Fedora 24 Update: community-mysql-5.7.17-1.fc24
2016-12-27 22:49:07
cloudfoundry
cloudfoundry
CVE-2016-6662 - Multiple MySQL Vulnerabilities | Cloud Foundry
2016-09-28 00:00:00
freebsd
freebsd
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
2016-09-12 00:00:00
mysql -- Remote Root Code Execution
2016-09-12 00:00:00
Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662
2016-09-12 00:00:00
alpinelinux
alpinelinux
CVE-2016-6662
2016-09-20 18:59:00
ubuntu
ubuntu
MySQL vulnerability
2016-09-13 00:00:00
myhack58
myhack58
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.18-alt1
2016-10-25 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2016-11-10 00:43:03
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.8%
Related for OPENVAS:1361412562310882643