[FREEBSD:856B88BF-7984-11E6-81E7-D050996490D0] mysql -- Remote Root Code Execution

Severity Critical

Affected Packages 9

CVEs 1

Dawid Golunski reports:

  An independent research has revealed multiple severe MySQL
    vulnerabilities.  This advisory focuses on a critical
    vulnerability with a CVEID of CVE-2016-6662 which can allow
    attackers to (remotely) inject malicious settings into MySQL
    configuration files (my.cnf) leading to critical
    consequences.

Package	Affected Version
pkg:freebsd/percona57-server	< 5.7.14.7
pkg:freebsd/percona56-server	< 5.6.32.78.0
pkg:freebsd/percona55-server	< 5.5.51.38.1
pkg:freebsd/mysql57-server	< 5.7.15
pkg:freebsd/mysql56-server	< 5.6.33
pkg:freebsd/mysql55-server	< 5.5.52
pkg:freebsd/mariadb55-server	< 5.5.51
pkg:freebsd/mariadb101-server	< 10.1.17
pkg:freebsd/mariadb100-server	< 10.0.27

ID

FREEBSD:856B88BF-7984-11E6-81E7-D050996490D0

Severity

critical

Severity from

CVE-2016-6662

URL

http://vuxml.freebsd.org/freebsd/856b88bf-7984-11e6-81e7-d050996490d0.html

Published

2016-09-12T00:00:00
(8 years ago)

Modified

2016-09-13T00:00:00
(8 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt
FreeBSD VuXML			https://jira.mariadb.org/browse/MDEV-10465
FreeBSD VuXML			https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/
FreeBSD VuXML			https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/
FreeBSD VuXML			https://www.psce.com/blog/2016/09/12/how-to-quickly-patch-mysql-server-against-cve-2016-6662/

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/percona57-server	percona57-server	< 5.7.14.7
Affected	pkg:freebsd/percona56-server	percona56-server	< 5.6.32.78.0
Affected	pkg:freebsd/percona55-server	percona55-server	< 5.5.51.38.1
Affected	pkg:freebsd/mysql57-server	mysql57-server	< 5.7.15
Affected	pkg:freebsd/mysql56-server	mysql56-server	< 5.6.33
Affected	pkg:freebsd/mysql55-server	mysql55-server	< 5.5.52
Affected	pkg:freebsd/mariadb55-server	mariadb55-server	< 5.5.51
Affected	pkg:freebsd/mariadb101-server	mariadb101-server	< 10.1.17
Affected	pkg:freebsd/mariadb100-server	mariadb100-server	< 10.0.27

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date