Veracode Vulnerability DatabaseVERACODE:16872Privilege Escalation
5.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:N/A:P
Oracle MySQL Server and MariaDB are vulnerable to privilege escalation attacks. A local user can exploit a flaw in the MyISAM component to partially modify data and cause denial of service and disclosure of information.
References
lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
rhn.redhat.com/errata/RHSA-2016-0705.html
rhn.redhat.com/errata/RHSA-2016-1480.html
rhn.redhat.com/errata/RHSA-2016-1481.html
rhn.redhat.com/errata/RHSA-2016-1602.html
www-01.ibm.com/support/docview.wss?uid=isg3T1024168
www.debian.org/security/2016/dsa-3557
www.debian.org/security/2016/dsa-3595
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixMSQL
www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL
www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
www.securityfocus.com/bid/86470
www.securitytracker.com/id/1035606
www.ubuntu.com/usn/USN-2953-1
access.redhat.com/errata/RHSA-2016:0705
access.redhat.com/errata/RHSA-2016:1132
access.redhat.com/security/cve/CVE-2016-3452
access.redhat.com/security/cve/CVE-2016-3471
access.redhat.com/security/cve/CVE-2016-5444
access.redhat.com/security/updates/classification/#critical
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html
mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/
mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/
mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/
Related
5.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:N/A:P